[Wikitech-l] Upload of OpenDocument files safe?

Hi dear tech folks, The MediaWiki 1.18 release notes stated the following: “(bug 24230 [1]) Uploads of ZIP types, such as MS Office or OpenOffice can now be safely enabled. A ZIP file reader was added which can scan a ZIP file for potentially dangerous Java applets. This allows applets to be blocked specifically, rather than all ZIP files being blocked.” On the Wikimedia Commons village pump [2], concerns were still raised about security (some referred to macros specifically). Brion stated in 2008 that the ZIP issue was the only problem we had with OpenDocument upload [3], and TheDJ confirmed so in said thread; but let’s make it super-extra clear as for the technical side: * Is it completely safe to enable upload of OpenDocument files on Wikimedia Commons? * If not, would you advise us to restrict this type of uploads to trusted users? [4] With this confirmation, we can quietly discuss on Commons whether we want this or not :-) Thanks for your help! [1] <https://bugzilla.wikimedia.org/show_bug.cgi?id=24230[2] < https://commons.wikimedia.org/wiki/Commons:Village_pump/Archive/2012/03#Ena… [3] < http://lists.wikimedia.org/pipermail/wikitech-l/2008-November/040246.html[4] in the spirit of < https://commons.wikimedia.org/wiki/Commons:Restricted_uploads -- Jean-Frédéric