[Commons-l] [Wikitech-l] Java becomes Open Source, what next?

[Alphax (Wikipedia email)]

Simetrical wrote:
> On 11/13/06, Erik Moeller <erik at wikimedia.org> wrote:
>> If security is a major issue, might it be feasible to maintain a
>> whitelist of certificates (to allow applets from trusted authority to
>> be uploaded directly), and to flag all other applets as
>> "non-embeddable" until a sysop flips a switch, so they can be reviewed
>> for security? We could add a big fat warning on the file description
>> page.
> 
> It makes more sense to me to use the system we use for JavaScript,
> i.e., only sysops can add it to begin with.  Allowing applets from
> trusted authorities is an interesting idea, but what does "trusted"
> mean?  Trusted to not take up too many CPU cycles, to avoid playing
> sound unless the user permits it explicitly, to not include material
> that would be vulgar and thus attractive to vandals?
> 
> I definitely don't think anything whatsoever should be available to
> non-sysops at all unless uploaded by a sysop, no matter how large the
> warning message.  People are *way* too used to ignoring warning
> messages.
> 

Here's a related idea: if we can't get "confirmed email required before
uploads enabled" for Commons, could we get uploads disabled for
non-sysops? Surely images in general are similarly "dangerous" (if not
for system & vandalism reasons, for copyright reasons)?

(Cross-posting to Commons-l)

-- 
Alphax - http://en.wikipedia.org/wiki/User:Alphax
Contributor to Wikipedia, the Free Encyclopedia
"We make the internet not suck" - Jimbo Wales
Public key: http://en.wikipedia.org/wiki/User:Alphax/OpenPGP

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : http://lists.wikimedia.org/pipermail/commons-l/attachments/20061114/4eeb6584/attachment.pgp