Mark A. Hershberger wrote:
> Nikola Smolenski <smole...@eunet.rs> writes:
> 
>> 3) And the big one, security. It has not been shown that any of the
>> proposed implementations is secure. I was thinking that perhaps a way to
>> overcome this would be to have a dedicated system just for handling
>> music rendering.
> 
> We don't want to "overcome" any security problems.  This open source
> software: If we know of a security problem, we want to eliminate it.
> 
> But yes, your idea of "only accepting notes" is a good one.  From what
> I've seen, the Lilypond extension seems to accept arbitrary LaTeX, but I
> haven't looked too closely.
> 
> The main problem I see is that developer interest in bug 189 needs to be
> bootstraped.  Bug 189 has 115 comments, over 50 of them before 2009.
> But other than a burst of activity in 2007 for Lilypond and second burst
> in 2008 for ABC, actual development effort to get music on WMF projects
> has laid largely dormant.
> 
> So, how can we change this?
> 
> I think one way would be to provide the Wikisource community with wiki
> on which to try out the Music module and give us feedback about how they
> work while allowing us to develop them and fix the security problems.
> 
> I'm planning on setting up a MW instance with Lilypond and/or ABC using
> Wikipedia Labs.  I think we could use the FileRepo to point to source
> pages like
> http://de.wikisource.org/wiki/Datei:De_Schauenburg_Allgemeines_Deutsches_Komme
> rsbuch_138.jpg
> and editors could start providing a transcription of the pages.
> 
> What do you think?

Am I missing something? The extension has serious vulnerabilities and your
answer is to install it on a public wiki? I don't see how this is even
remotely helpful.

The issue isn't finding people at Wikisource to try out a music module; the
issue is that the extension has technical problems that need to be
addressed. If people want to play around with LaTeX markup (music-related or
not), there are surely a million existing venues on the Web. If, at some
point in the future, after the vulnerabilities have largely been resolved,
user interface/experience testing is needed, sure, setting up a demo on a
labs wiki seems like a great idea. But I have no idea how you'd be at that
point, at this point.

MZMcBride



_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Reply via email to