https://bugzilla.wikimedia.org/show_bug.cgi?id=189
--- Comment #59 from Aryeh Gregor <simetrical+wikib...@gmail.com> 2009-01-23 17:11:39 UTC ---

(In reply to comment #58)
> The big argument against LilyPond - as far as I understand from the discussion
> - is the possibility for an attack by introducing malicious code (infinite
> loops). But as far as I can see there are possibilities provided by LilyPond
> itself to prevent exactly this. Using save mode, no-scheme and other.

Nobody that I've seen has presented evidence that there are options in current versions of LilyPond that will prevent the possibility of unreasonable or even unbounded CPU/memory usage. The LilyPond documentation says safe mode does not do this. If there are other options like "no-scheme" (which I'm fairly sure has not been mentioned before and which I can't find in the LilyPond documentation), these need to be pointed out so that they can be considered.

River (who is a long-time developer and root sysadmin) has said that the ABC extension should be no less safe than ImageMagick. If someone pursues that, it could therefore probably get enabled within a week on technical grounds. There is currently, to my knowledge, no LilyPond extension available that even claims to prevent trivial DoS attacks, and it will not be a credible contender until someone writes one. If you think you can write such an extension, but don't want to waste the effort when it might not get enabled, try asking Tim whether he'll agree in advance to review it.

I agree that our review process is dysfunctional, but it's dysfunctional because of lack of trusted people willing to review things, and complaining about it is not going to fix that. You can either give up or make the best of it, your decision.