[gentoo-dev] [PATCH 0/2] glep-0068: Stricten the XML format
From
=?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to
All on Sat Oct 8 08:50:01 2022
Hi,
The spec is a bit lax about the XML features allowed. However, we don't
really expect people to use fancy features like custom entities,
XInclude, etc. Let's formally stricten the spec to disallow anything
remote or potentially dangerous to at least protect implementations
from the most common XML security problems.
While at it, let's make it clear that while we don't permit elements
outside the spec in metadata.xml files, we may add new elements or
attributes in future versions.
I'm not sure whether we should be increasing the version number here.
On one hand, the change roughly matches the original intent (i.e. no metadata.xml files should be broken by it, and implementation should not
have been processing external DTDs or anything like that anyway).
On the other, technically speaking the new version is more restrictive
than the old one, so a major version bump would be correct.
WDYT?
Michał Górny (2):
glep-0068: Clarify and restrict XML data format
glep-0068: Indicate that unknown elements should be ignored
glep-0068.rst | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--
2.38.0
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)