Martin v. Löwis wrote:
> I'd like to start offering to host web pages on PyPI,
> primarily for the purpose of documentation. Users would
> upload a tar.gz file into PyPI, which would unpack it,
> and make it available as /doc/<package>/<version>.
>
> To prevent this from being spammed, restrictions on
> posting documentation would be established:
> - only approved users may post documentation, approval
>   can be obtained by submitting a support request into
>   the PyPI tracker.
> - only static pages are supported, no includes, no
>   directory listings, just plain files.
>
> What do you think?

I like the idea.

There's an XSS concern if users can upload arbitrary HTML. Approval would address some of that, but it might be better to avoid the issue altogether.

One way to handle that would be to host each package's documentation on a different domain. E.g., package.pypi.python.org.

Another option is using an HTML scrubber. But removing JavaScript would be unfortunate in this case as there are a lot of good uses of it, so multiple domains would be better IMHO.

If implemented I think all existing packages could be approved, which would greatly reduce the approval queue.

--
Ian Bicking : [EMAIL PROTECTED] : http://blog.ianbicking.org
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
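
The same-origin reasoning behind the multiple-domain suggestion above, as an added example that is not part of the original message or of PyPI's code. The package names `examplepkg` and `otherpkg`, the `/pypi` path of the main site, the `/<version>/` path on the per-package host, and the simplified RFC 6265 cookie rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
MAIN_SITE = "http://pypi.python.org/pypi"  # assumed URL of the main site pages


def origin(url):
    """Return the (scheme, host, port) triple browsers compare for same-origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])


def path_layout(package, version):
    # Layout from the proposal: /doc/<package>/<version> on the main host.
    return f"http://pypi.python.org/doc/{package}/{version}/index.html"


def subdomain_layout(package, version):
    # Reply's layout: one host per package. Assumed: name is a valid DNS label.
    return f"http://{package}.pypi.python.org/{version}/index.html"


def cookie_sent(set_by_host, domain_attr, request_host):
    """Simplified RFC 6265 matching: host-only unless Domain= was set."""
    if domain_attr is None:
        return request_host == set_by_host
    domain = domain_attr.lstrip(".").lower()
    return request_host == domain or request_host.endswith("." + domain)


def report(package="examplepkg", version="1.0"):
    """Summarise what script in uploaded docs shares with the main site."""
    site = origin(MAIN_SITE)
    by_host = subdomain_layout(package, version)
    doc_host = urlsplit(by_host).hostname
    return {
        "path_same_origin_as_site": origin(path_layout(package, version)) == site,
        "subdomain_same_origin_as_site": origin(by_host) == site,
        "subdomain_same_origin_as_other_pkg":
            origin(by_host) == origin(subdomain_layout("otherpkg", version)),
        "host_only_cookie_sent_to_docs": cookie_sent("pypi.python.org", None, doc_host),
        "domain_cookie_sent_to_docs":
            cookie_sent("pypi.python.org", "pypi.python.org", doc_host),
    }


if __name__ == "__main__":
    print(report())
```

The last two entries show the condition the per-package hosts depend on: a session cookie set without a `Domain` attribute stays on the main host, while one scoped to `pypi.python.org` is also sent to every documentation subdomain.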
