On Tue, Aug 12, 2008 at 8:03 PM, Simetrical Simetrical+wikilist@gmail.com wrote:
On Tue, Aug 12, 2008 at 7:54 PM, Chad innocentkiller@gmail.com wrote:
I moreso mean that until it's identified as being a major vulnerability, is taking a major hit to performance an acceptable hit to take?
- I'm pretty sure it's already identified as a major vulnerability (assuming you consider XSS major).
- I don't think allowing the vulnerability is on the table, at least not for Wikimedia. The slowdown would be for those who wanted to accept ZIP files, not for those who wanted to avoid the vulnerability -- the vulnerability is avoided regardless. (Unless you hack around and remove the blacklisting of application/zip, admittedly, which some will inevitably do, but then it's their decision as to acceptability of whatever, not ours.)
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
You've convinced me. Sorry for the misunderstanding.
-Chad