On Mon, Jan 5, 2009 at 7:23 PM, John McNabb <[email protected]> wrote:
> One thing to remember here is that wesnoth purposely is not a full function > python interpreter in the AI for very good reasons. Campaigns can be > downloaded by wesnoth from the campaign server that have not been vetted by > a bona-fide developer. The decisions to include a python AI interpreter was > accompanied by assurances that the interpreter would be sufficiently limited > to guarantee that malicious content could not use wesnoth to effect the > players system. While having the ability for campaign writers to have > custom python modules might be nice, the security implications would be > awful. Recently, a co-worker of mine discovered a trojan varient that used > java-script run by adobe-acrobat (version 7 or earlier) to infect unwitting > computers. Someone downloading and viewing an infected PDF would have a > subtle root-kit installed. We don't want the same thing to happen with > wesnoth campaigns and other unsupervised downloadable content. John, Security is a very good point. Python code can not be considered secure and downloaded from untrusted sources. I think that restricted Python does not solve this problem. The only way is to review any Python module by trusted members of community before this modules are published on the official server. As much as I love Python my opinion is that you can't trust even restricted Python code. Maybe we should look at Mozilla community and how they deal with Firefox plugins. BTW they are moving towards allowing Python extensions: http://pyxpcomext.mozdev.org/ On the other hand I believe that it would be nice if people could write Wesnoth-based applications and publish them elsewhere (google code, sf.net, github). With time, the best of these application could be included into mailine after thorough review. I believe that a healthy network of many open-source projects based on Wesnoth runtime is the excelent thing to have. This means that we must maximize power, freedom and minimize restrictions for developers/authors and never accept any programming content into mainline and official servers without reviewing and testing it first. Ivan _______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
