[Clipart] [Bug 3596] RFE: RSS feed of incoming clipart

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Nov 11 10:45:59 PST 2005

Please do not reply to this email: if you want to comment on the bug, go to
the URL shown below and enter your comments there.

------- Additional Comments From galionlibrary at gmail.com  2005-11-11 10:45 -------
> This is NOT more problematic compared with the current display
> of the latest uploads.

Removing that was one of the security-related suggestions I had after the
recent security-related outage.  I agree that, security-wise, the two are
equivalent; whether we publish the recently-submitted images that have not
been reviewed and approved in any way via RSS, or simply via standard HTTP,
the risk is the same.  We should decide whether it's a risk we want to take
or not, and make the decision on both accordingly, i.e., either don't publish
incoming at all for security reasons, or else go ahead and have RSS 
syndication of incoming (if someone wants to implement it, a task I am
not volunteering to do).

I tend to think a compromise solution might be better, a system whereby
people who log in with usernames and passwords, so that there is some
accountability, can review incoming images, add or adjust keywords if 
necessary, and approve them, allowing them to then be moved from incoming
to another folder ("new" perhaps) and published from there.  Handing out
accounts for this (note that they wouldn't need to be shell accounts)
rather liberally would still provide better security than just publishing
unreviewed and anonymously-contributed files, because it allows for better
response in the event of an incident, and because the accountability would 
serve as a deterrent for some, and because it raises the bar a little in 
the first place, as an attacker would have to go to the trouble of 
requesting an account.

It does introduce a delay before a contributed item is published, though.          