On 11/14/06, Chad Perrin perrin@apotheon.com wrote:
. . . and at that point, you're back to wondering if the sysops/bureaucrats who don't have the skill will leave the approval queue alone.
I think, psychologically, that requiring people to personally and informally propose things on talk pages will better stave off overconfident sysops than some kind of queue or formal mechanism. The latter is, I suspect, more prone to clear-the-backlog-osis, and less likely to make people realize that by submitting it they're taking responsibility for it.
That said, there's no reason to be paranoid. Yes, there will always be vulnerabilities, but they'll be doubly limited by the approval process *and* the sandbox. We aren't distributing arbitrary machine code, we're distributing Java, which as far as I know can't do anything like take over your computer or wipe your hard drive. Running arbitrary Java is not to my knowledge a real security risk, at least no more than arbitrary JavaScript (which can spy on you to an extent), and this Java won't even be arbitrary: it will be vetted first, however imperfectly.