Hi dear tech folks,
The MediaWiki 1.18 release notes stated the following:
“(bug 24230 [1]) Uploads of ZIP types, such as MS Office or OpenOffice can
now be safely enabled. A ZIP file reader was added which can scan a ZIP
file for potentially dangerous Java applets. This allows applets to be
blocked specifically, rather than all ZIP files being blocked.”
On the Wikimedia Commons village pump [2], concerns were still raised about
security (some referred to macros specifically).
Brion stated in 2008 that the ZIP issue was the only problem we had with
OpenDocument upload [3], and TheDJ confirmed so in said thread; but let’s
make it super-extra clear as for the technical side:
* Is it completely safe to enable upload of OpenDocument files on Wikimedia
Commons?
* If not, would you advise us to restrict this type of uploads to trusted
users? [4]
With this confirmation, we can quietly discuss on Commons whether we want
this or not :-)
Thanks for your help!
[1] <https://bugzilla.wikimedia.org/show_bug.cgi?id=24230
[2] <
https://commons.wikimedia.org/wiki/Commons:Village_pump/Archive/2012/03#Ena…
[3] <
http://lists.wikimedia.org/pipermail/wikitech-l/2008-November/040246.html
[4] in the spirit of <
https://commons.wikimedia.org/wiki/Commons:Restricted_uploads
--
Jean-Frédéric