Bug 3596 - RFE: RSS feed of incoming clipart
RFE: RSS feed of incoming clipart
Status: CLOSED FIXED
Product: openclipart.org
Classification: Unclassified
Component: tools
unspecified
x86 (IA32) Linux (All)
: lowest normal
Assigned To: default user for a product
http://openclipart.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-22 00:51 UTC by Jon Phillips
Modified: 2006-09-06 18:13 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jon Phillips 2005-06-22 00:51:16 UTC
It would be great to provide an RSS feed of new SVG's submitted by people. That
way we could have artcasting, right. This would be a great! 

Similarly, we could provide a daily RSS artcast that included a featured clip art.
Comment 1 Bryce Harrington 2005-10-26 23:36:26 UTC
From a security point of view I think this could be problematic.
Comment 2 Nicu Buculei 2005-10-26 23:50:20 UTC
This is NOT more problematic compared with the current display of the latest
uploads. The only difference: having it in RSS allow syndication.
Comment 3 Nathan Eady 2005-11-11 10:45:59 UTC
> This is NOT more problematic compared with the current display
> of the latest uploads.

Removing that was one of the security-related suggestions I had after the
recent security-related outage.  I agree that, security-wise, the two are
equivalent; whether we publish the recently-submitted images that have not
been reviewed and approved in any way via RSS, or simply via standard HTTP,
the risk is the same.  We should decide whether it's a risk we want to take
or not, and make the decision on both accordingly, i.e., either don't publish
incoming at all for security reasons, or else go ahead and have RSS 
syndication of incoming (if someone wants to implement it, a task I am
not volunteering to do).

I tend to think a compromise solution might be better, a system whereby
people who log in with usernames and passwords, so that there is some
accountability, can review incoming images, add or adjust keywords if 
necessary, and approve them, allowing them to then be moved from incoming
to another folder ("new" perhaps) and published from there.  Handing out
accounts for this (note that they wouldn't need to be shell accounts)
rather liberally would still provide better security than just publishing
unreviewed and anonymously-contributed files, because it allows for better
response in the event of an incident, and because the accountability would 
serve as a deterrent for some, and because it raises the bar a little in 
the first place, as an attacker would have to go to the trouble of 
requesting an account.

It does introduce a delay before a contributed item is published, though.
Comment 4 Jon Phillips 2006-09-01 09:35:37 UTC
This now works at www.openclipart.org/cchost