Erik Moeller wrote: > I've collected some additional notes on this here: > http://commons.wikimedia.org/wiki/Commons:Restricted_uploads > > Would appreciate feedback & will circulate further in the Commons community.
>From a social and technical perspective, this proposal is horribly hackish. The over-arching goal should be to implement fewer hacks, though we obviously don't live in an ideal world. Given the current parameters, this is probably the best solution. However, there needs to be a more in-depth analysis of the potential security implications of some of these file types. Even trusted users shouldn't be able to upload files that allow for the arbitrary injection of PHP, for example. I suppose that's why you're asking for more feedback from wikitech-l. The current proposal is vague about which specific file types are desired. A concrete list ought to be generated so that people can research the known security implications of allowing those file types to uploaded. I don't think there is ever going to be (or ever should be) a generic whitelist to allow any and all free/open file types. What are the specific file types that are currently banned that you're seeking to have partially unbanned? MZMcBride _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
