On Tue, Jun 26, 2012 at 01:39:19PM +0100, Phil Holmes wrote: > It must be possible to check that the snippets extracted from the > tarball do not contain new snippets which contain dangerous commands > - for example #'(system "rm -rf /"). It would be possible to use > git/gitk to check for changes, but it may be preferable to have a > script similar to the one used in makelsr.py to run lilypond in safe > mode to assist identifying snippets containing system commands. ... > Note that makelsr.py already does much of the processing required > above - all that is needed is to remove some functionality.
Yes, but git is still needed so that the LSR guy only needs to look at changes to the "unsafe" files. I think you already knew this, but I wanted to get this "on the record". Could you identify the functionality that needs removing from makelsr.py ? Other than "save files to $BUILD/.../ instead of Documentration/snippets/", it's not clear what needs to be cut. > The build process is then used to update, add translations and put > the resulting snippets into > $(top-build-dir)/Documentation/snippets/out. I suggest that the > make command should be 'make snippets' and that this is also run as > part of the normal make. It doesn't seem to make sense to me for it > to run as part of make doc as well, since make is a required > pre-cursor of make doc. I'd assume that "snippets" should be a dependency of "doc". I don't think it should be a dependency of "make", since programmers won't want to recompile a bunch of snippets all the time. (testing is done via the regtests, not the doc build) Everything else looks great. - Graham _______________________________________________ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
