It would be great to provide an RSS feed of new SVG's submitted by people. That
way we could have artcasting, right. This would be a great!
Similarly, we could provide a daily RSS artcast that included a featured clip art.
From a security point of view I think this could be problematic.
This is NOT more problematic compared with the current display of the latest
uploads. The only difference: having it in RSS allow syndication.
> This is NOT more problematic compared with the current display
> of the latest uploads.
Removing that was one of the security-related suggestions I had after the
recent security-related outage. I agree that, security-wise, the two are
equivalent; whether we publish the recently-submitted images that have not
been reviewed and approved in any way via RSS, or simply via standard HTTP,
the risk is the same. We should decide whether it's a risk we want to take
or not, and make the decision on both accordingly, i.e., either don't publish
incoming at all for security reasons, or else go ahead and have RSS
syndication of incoming (if someone wants to implement it, a task I am
not volunteering to do).
I tend to think a compromise solution might be better, a system whereby
people who log in with usernames and passwords, so that there is some
accountability, can review incoming images, add or adjust keywords if
necessary, and approve them, allowing them to then be moved from incoming
to another folder ("new" perhaps) and published from there. Handing out
accounts for this (note that they wouldn't need to be shell accounts)
rather liberally would still provide better security than just publishing
unreviewed and anonymously-contributed files, because it allows for better
response in the event of an incident, and because the accountability would
serve as a deterrent for some, and because it raises the bar a little in
the first place, as an attacker would have to go to the trouble of
requesting an account.
It does introduce a delay before a contributed item is published, though.
This now works at www.openclipart.org/cchost
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct.