On Thu, Nov 25, 2010 at 12:46 AM, Erik Moeller erik@wikimedia.org wrote:
[Kicking this thread back to life, full-quoting below only for quick reference.]
I've collected some additional notes on this here: http://commons.wikimedia.org/wiki/Commons:Restricted_uploads
Would appreciate feedback & will circulate further in the Commons community.
I think you are taking the wrong approach here, altough I agree with MZMcBride's reply to your mail "From a social and technical perspective, this proposal is horribly hackish. [...] Given the current parameters, this is probably the best solution. [...]"
I believe that we should really be aiming for scanning for security vulnerabilities and reject only those files that pose a vulnerability. For example, we do now outright reject open office files, as they may encapsulate files that will be executed by the JVM. We should be able to determine the exact circumstances that pose a vulnerability and only reject those files, similar to what we have done for the embedded HTML in files that affects IE.
Bryan