I think that is a valid fear but just want to point out that JavaScript injected onto Koha's staff side could already transmit confidential information to a third party, yet there is a section for JS on the wiki. Best, ERIC PHETTEPLACE Systems Librarian, Libraries (he/him) ephetteplace@cca.edu | o 510.594.3660 (cca) 5212 Broadway | Oakland, CA | 94618 CCA is situated on the traditional unceded lands of the Ohlone peoples. Black-owned bookstores in Oakland: Ashay by the Bay <https://ashaybythebay.com/>, Marcus Books <https://www.facebook.com/marcus.books/> :(){ :|: & };: On Mon, Nov 9, 2020 at 3:34 PM <dcook@prosentient.com.au> wrote:
I am concerned about adding backend scripts to the wiki. There's no reliable way to ensure those scripts would be correct, and it would be trivial for someone to inject malicious code into the scripts and have unsuspecting users run things which could damage/compromise their backend systems by copy/pasting and executing.
I fear that people would see it on the wiki and take that as an endorsement of those scripts.
David Cook Software Engineer Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia
Office: 02 9212 0899 Online: 02 8005 0595
-----Original Message----- Date: Sun, 8 Nov 2020 08:15:40 +0000 From: "Renvoize, Martin" <martin.renvoize@ptfs-europe.com> To: rogan.hamby@gmail.com Cc: Koha <koha@lists.katipo.co.nz> Subject: Re: [Koha] koha script wiki Message-ID: < CAB7SL8B7tGQDss1zMJXXSZRubp9bJAGUtVBac7KAKcMsmmbnVA@mail.gmail.com> Content-Type: text/plain; charset="UTF-8"
By all means feel free to add a page to the wiki...
I do wonder, however, why don't you submit useful scripts to the project via bugzilla instead..? That way they would benefit from the many eyes of our signoff and quality assurance process, get documented as part of the standard documentation processes and be more accessible to end users?
Just some thoughts,
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha