docs: no contributions/donations, add security model + Collabst + ecosystem support
Build and Deploy Verso / deploy (push) Successful in 15m37s
Build and Deploy Verso / deploy (push) Successful in 15m37s
- Remove Contributing section (not accepting PRs/issues) - Add Security model section: Verso is for trusted environments only; point untrusted-user use cases at Overleaf non-Community offerings - Mention Collabst as a promising open-source Typst-only alternative in the Verso vs Typst.app comparison - Add Supporting the ecosystem section redirecting to Overleaf (Typst + RevealJS work) and the Typst project instead of Verso donations Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
claude
@@ -66,6 +66,11 @@ Verso differs in that:
|
||||
gracefully for long documents.
|
||||
- It ships with a full **project history** and version-restore workflow.
|
||||
|
||||
If you only need Typst and want a lighter, Typst-focused alternative, have a look
|
||||
at **[Collabst](https://github.com/herluf-ba/collabst)** — an open-source,
|
||||
self-hosted collaborative Typst editor that is independent of the Overleaf
|
||||
codebase and shows a lot of promise.
|
||||
|
||||
---
|
||||
|
||||
## Features
|
||||
@@ -145,6 +150,24 @@ Refinements to the Typst editor and the format badge system:
|
||||
|
||||
---
|
||||
|
||||
## Security model — trusted environments only
|
||||
|
||||
Verso is designed for **closed groups of trusted users** (a lab, a class, a small
|
||||
team). All three compilers can execute arbitrary code on the server:
|
||||
|
||||
- LaTeX with shell-escape enabled can run system commands.
|
||||
- Quarto Python cells execute Python code directly.
|
||||
- Typst's scripting layer is sandboxed by design, but runs server-side.
|
||||
|
||||
There is **no per-project sandbox or resource isolation** beyond what the
|
||||
operating system provides. Exposing Verso to the public internet with
|
||||
open registration is not recommended. If you need to host a collaborative
|
||||
LaTeX/Typst editor for untrusted users or at scale, look at
|
||||
[Overleaf's non-Community offerings](https://www.overleaf.com/for/enterprises),
|
||||
which include proper sandboxing and enterprise access controls.
|
||||
|
||||
---
|
||||
|
||||
## Quick start
|
||||
|
||||
### With Docker
|
||||
@@ -235,11 +258,20 @@ Verso is not affiliated with Overleaf Ltd.
|
||||
|
||||
---
|
||||
|
||||
## Contributing
|
||||
## Supporting the ecosystem
|
||||
|
||||
Open an issue or pull request on the
|
||||
[Verso repository](https://git.alocoq.fr/alois/verso). The upstream Overleaf
|
||||
contribution guidelines are in [CONTRIBUTING.md](CONTRIBUTING.md).
|
||||
Verso is not accepting contributions or donations at this time. If you find it
|
||||
useful and want to support the broader ecosystem it builds on:
|
||||
|
||||
- **Support Overleaf** — Overleaf is actively working on
|
||||
[Typst support](https://www.overleaf.com/blog/overleaf-and-typst) and
|
||||
RevealJS presentation features. The best way to support their work is to use
|
||||
or subscribe to [Overleaf](https://www.overleaf.com) and encourage your
|
||||
institution to do the same.
|
||||
- **Support Typst** — [Typst GmbH](https://typst.app) is the company behind the
|
||||
Typst compiler. Using Typst.app or sponsoring the
|
||||
[Typst project on GitHub](https://github.com/typst/typst) helps sustain the
|
||||
language itself.
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user