Re: lilypond & wikipedia
From: Graham Percival
Subject: Re: lilypond & wikipedia
Date: Mon, 2 Feb 2009 08:51:12 +0800
User-agent: Mutt/1.5.18 (2008-05-17)

On Mon, Feb 02, 2009 at 12:26:02AM +0100, Werner LEMBERG wrote:
>
> Tim Starling, one of the main wikipedia software developers, says:
>
> My understanding is that
>
> a) safe mode is not secure, being trivially DoS-able by short
> infinite loop scripts

As it currently stands, yes.

> b) safe mode will not work for many of the free scores available on
> the web

Depends what you mean by "will not work". Almost every score (or
perhaps even *every* score) can be produced without any scheme.
Whether or not most current free .ly files use (or do not use) any
scheme is a separate question.

> The problems with LilyPond are sufficiently severe that I have, from
> time to time, researched alternative music renderers such as
> Philip's Music Writer that don't have an embedded scripting
> language.
>
> Anyone who can shed more light on the raised issues?

I doubt I can explain anything technical about lilypond that you
don't already know, but from an organizational standpoint I can
say this: if there's sufficient interest, it could be done.

Assign two Frogs to the task:
- one person ensures that lilypond input without **any** scheme
  will always end in a reasonable amount of time.
- one person modifies --safe. I'm sure that we can whitelist a
  few more commands (IIRC changing the paper size is not "safe").
  But we'll certainly need to remove much of the more basic stuff.

Part of the --safe job might be to add more predefined scheme to
our predefined tweaks (similar to the "lilypond elegance" stuff).
For example, generic loops would need to go from --safe, so this
would eliminate many tweaks. But if we added a
#(for-all-notes-in-expression ...) function, *and* ensured that
this function couldn't call itself, we might be able to keep some
chunk of functionality while being more secure.

Then again, we can use a lot of resources just by doing:
  \repeat 1234567789 { c''''8. c,,,,,16 \times 2/3{ c cis cisis } c2 }
Maybe we could insist that --safe only produces 1 page of score?

... trying to keep lilypond within certain CPU-time limits is
going to be hard. :(

Cheers,
- Graham
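
The CPU-time concern raised in this message can also be bounded from outside the renderer. The following is an added example, not part of the original thread or of LilyPond's code: a POSIX-only Python wrapper that runs an untrusted rendering job under kernel-enforced CPU, memory, output-size and wall-clock limits. The names `run_limited` and `_lower`, the default limit values and the file name in the comment are assumptions.

```python
import os
import resource
import signal
import subprocess


def _lower(res, soft, hard):
    # An unprivileged process may only lower limits: clamp to the current hard limit.
    _, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(res, (soft, hard))


def run_limited(argv, cpu_seconds=10, wall_seconds=30,
                mem_bytes=1 << 30, out_bytes=16 << 20, cwd=None):
    """Run argv under kernel-enforced limits; return (status, returncode)."""

    def apply_limits():
        # Runs in the child after fork() and before exec().
        # Soft CPU limit delivers SIGXCPU; the hard limit one second later is SIGKILL.
        _lower(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        _lower(resource.RLIMIT_AS, mem_bytes, mem_bytes)      # address space
        _lower(resource.RLIMIT_FSIZE, out_bytes, out_bytes)   # size of any file written

    proc = subprocess.Popen(argv, cwd=cwd, stdin=subprocess.DEVNULL,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                            preexec_fn=apply_limits, start_new_session=True)
    try:
        proc.wait(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # Wall-clock backstop for jobs that sleep or block instead of burning CPU.
        # start_new_session made the child a process-group leader, so helper
        # processes it spawned are killed with it.
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()
        return ("wall-timeout", proc.returncode)
    if proc.returncode == 0:
        return ("ok", 0)
    by_signal = {-signal.SIGXCPU: "cpu-limit", -signal.SIGXFSZ: "output-limit",
                 -signal.SIGKILL: "killed"}
    return (by_signal.get(proc.returncode, "failed"), proc.returncode)

# Assumed invocation for the renderer discussed above (file name is a placeholder):
#   run_limited(["lilypond", "--safe", "input.ly"], cwd=scratch_dir)
```

The limits apply per process and are inherited by children, so the wall-clock timeout and process-group kill are what bound a job that forks helpers.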