Mark A. Hershberger wrote:
Nikola Smolenski smolensk@eunet.rs writes:
- And the big one, security. It has not been shown that any of the
proposed implementations is secure. I was thinking that perhaps a way to overcome this would be to have a dedicated system just for handling music rendering.
We don't want to "overcome" any security problems. This open source software: If we know of a security problem, we want to eliminate it.
But yes, your idea of "only accepting notes" is a good one. From what I've seen, the Lilypond extension seems to accept arbitrary LaTeX, but I haven't looked too closely.
The main problem I see is that developer interest in bug 189 needs to be bootstraped. Bug 189 has 115 comments, over 50 of them before 2009. But other than a burst of activity in 2007 for Lilypond and second burst in 2008 for ABC, actual development effort to get music on WMF projects has laid largely dormant.
So, how can we change this?
I think one way would be to provide the Wikisource community with wiki on which to try out the Music module and give us feedback about how they work while allowing us to develop them and fix the security problems.
I'm planning on setting up a MW instance with Lilypond and/or ABC using Wikipedia Labs. I think we could use the FileRepo to point to source pages like http://de.wikisource.org/wiki/Datei:De_Schauenburg_Allgemeines_Deutsches_Kom... rsbuch_138.jpg and editors could start providing a transcription of the pages.
What do you think?
Am I missing something? The extension has serious vulnerabilities and your answer is to install it on a public wiki? I don't see how this is even remotely helpful.
The issue isn't finding people at Wikisource to try out a music module; the issue is that the extension has technical problems that need to be addressed. If people want to play around with LaTeX markup (music-related or not), there are surely a million existing venues on the Web. If, at some point in the future, after the vulnerabilities have largely been resolved, user interface/experience testing is needed, sure, setting up a demo on a labs wiki seems like a great idea. But I have no idea how you'd be at that point, at this point.
MZMcBride