On 11/14/06, Chad Perrin <perrin(a)apotheon.com> wrote:
. . . and at that point, you're back to wondering
if the
sysops/bureaucrats who don't have the skill will leave the approval
queue alone.
I think, psychologically, that requiring people to personally and
informally propose things on talk pages will better stave off
overconfident sysops than some kind of queue or formal mechanism. The
latter is, I suspect, more prone to clear-the-backlog-osis, and less
likely to make people realize that by submitting it they're taking
responsibility for it.
That said, there's no reason to be paranoid. Yes, there will always
be vulnerabilities, but they'll be doubly limited by the approval
process *and* the sandbox. We aren't distributing arbitrary machine
code, we're distributing Java, which as far as I know can't do
anything like take over your computer or wipe your hard drive.
Running arbitrary Java is not to my knowledge a real security risk, at
least no more than arbitrary JavaScript (which can spy on you to an
extent), and this Java won't even be arbitrary: it will be vetted
first, however imperfectly.