Ok, I've run out of excuses to avoid tackling issue 815: http://code.google.com/p/lilypond/issues/detail?id=815
See it in action here: http://reinhold.kainhofer.com/~lilypond/ajax/user/lilypond/index.html Looks pretty cool. Unfortunately, there's some problems. 1. It uses PHP, which I know nothing about. I thought this was named after a drug, but 2 minutes on wikipedia suggests that I was thinking of PCP. 30 seconds of skimming the wikipedia page about PHP suggests that it's similar to, or based on, perl. It also reminded me that PHP appears to have an obscene number of security flaws -- I vaguely recall seeing "PHP security patches of the week" for several months on LWN. Unlike some people, the less I know about a technology, the less eager I am to deploy it on the internet. I have no reason to doubt Reinhold's ability to create things securely, but at the same time, I don't trust my ability to check and verify the security of this setup. 2. lilypond.org is hosted on a shared server, I don't know how much CPU power this auto-completion would require, and I don't know how much CPU power it would be polite to use. 3. The patch was created almost a year ago, and texi2html has undergone a lot of changes since then. It might still apply cleanly, or it might not. With those factors in mind, we have a few options: a) Reject the patch. We say "yeah, that looks cool, but sorry, we can't fit it into lilypond.org and/or nobody wants to work on the integration / fix the remaining issues / etc". b) Accept the patch, but disable it in a normal build. We integrate it with the rest of our build system and docs, but leave it as an alternate configuration option. People building the docs locally, or making the docs available on their own systems (be it lilynet.net or kainhofer.com or whatever) can enable it. Then, if there's any security or CPU-usage or whatever issues, it's those people who get hosed and not lilypond.org. c) Accept the patch, disable it on a normal build, enable it on lilynet.net (which IIRC has tons of resources), and then create a doc.lilypond.org which redirects to the AJAX-enabled docs on lilynet.net (or any other server that people want to volunteer). That way, we don't disrupt the main site, but normal users can still play around with the searching stuff. d) Accept the patch, make it default, host it on lilypond.org. Unless there's a substantial amount of interest from skilled PHP and web security people, I do not like this option. Thoughts? Cheers, - Graham _______________________________________________ lilypond-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/lilypond-devel
