[vlc-devel] [lua] Proposal for a standard-included playlistscript...

Mirsal Ennaime mirsal at videolan.org
Mon Aug 20 14:48:33 CEST 2012


Hello John,

On Fri, 2012-08-17 at 09:28 -0500, John Oyler wrote:
> Install this: http://75.109.71.79:8000/~john/spacepotato/spacepotato.lua
> Then open this: http://75.109.71.79:8000/~john/spacepotato/
>
> As for securing lua, I've already got that figured out. Supposing I can convince
> everyone here, the trick would be to have the downloader script md5 the file
> and check back to a webapp at http://videolan.org whether this md5 is trusted.
> If it is, it installs it, if not, it discards it.
> 
> While this would still require some review, at least some of the scripts could
> be set as trusted by an automatic process... a safe script would be one that
> only returns true in probe() for a single specific web address that also happens
> to be new (and not someone trying to hijack youtube.com), and one that
> doesn't make use of the filesystem access or other unsafe statements.

The scripts would have to be reviewed the same way as in the usual
process for applying patches.

Having lots of new scripts added might trigger the decision to make a
minor release quicker, which users willing so will get through their
regular update channel (either with the update checker on windows or via
their os distributors' regular channel)

IMVHO, short-cutting any step of the release process for lua scripts
isn't any more relevant than for other code.

Best,

-- 
mirsal 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20120820/5e1c4173/attachment.sig>


More information about the vlc-devel mailing list