Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

[gentoo-dev] [PATCH v2 1/2] glep-0068: Clarify and restrict XML data fo

From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Thu Oct 13 07:00:02 2022

Explicitly specify XML 1.0 and link to the specification. Forbid
"external markup declarations" and processing DTDs to secure against
common XML attacks.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
glep-0068.rst | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)

The only change from v1 is bumping version to 1.3, as discussed
in #gentoo-council.

diff --git a/glep-0068.rst b/glep-0068.rst
index 78ac7ea..6790e91 100644
--- a/glep-0068.rst
+++ b/glep-0068.rst
@@ -4,10 +4,10 @@ Title: Package and category metadata
Author: Michał Górny <mgorny@gentoo.org>
Type: Standards Track
Status: Final
-Version: 1.2
+Version: 1.3
Created: 2016-03-14
-Last-Modified: 2022-05-22
-Post-History: 2016-03-16, 2018-02-20, 2022-05-22
+Last-Modified: 2022-10-13
+Post-History: 2016-03-16, 2018-02-20, 2022-05-22, 2022-10-07
Content-Type: text/x-rst
Requires: 67
Replaces: 34, 46, 56
@@ -59,10 +59,14 @@ Metadata files
--------------

This specification provides two kinds of metadata files: category metadata -files and package metadata files. Both kinds of files use XML file format -with structure defined in this GLEP. The XML structure does not use
-a namespace

From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Thu Oct 13 07:00:02 2022

As originally stated, the GLEP did not permit extending the format.
Let's relax the requirement to conforming files but indicate that
the parsers should ignore unknown (i.e. future) elements.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
glep-0068.rst | 2 ++
1 file changed, 2 insertions(+)

diff --git a/glep-0068.rst b/glep-0068.rst
index 6790e91..0906d3c 100644
--- a/glep-0068.rst
+++ b/glep-0068.rst
@@ -67,6 +67,8 @@ must not fetch or process it.
The data structure of metadata files is defined in this GLEP. The elements
and attributes do not use namespaces. Conforming files must not contain
any elements or attributes that are not defined in this specification. +However, parsers should ignore any unknown elements or attributes in order
+to permit future extension.

Category metadata files are named ``metadata.xml`` and located inside category
directories in an ebuild repository. Their structure is described
--
2.38.0

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Guest
  Wed Jan 15 06:29:08 2025
  from /bin/busybox Cat /proc/self/ex via Raw
- Guest
  Wed Jan 15 02:17:27 2025
  from /bin/busybox Cat /proc/self/ex via Raw
- Keyop
  Tue Jan 14 23:13:56 2025
  from Huddersfield, West Yorkshire via SSH
- Bob Worm
  Tue Jan 14 21:42:40 2025
  from Wales, Uk via Telnet
- Guest
  Tue Jan 14 09:13:19 2025
  from /bin/busybox Cat /proc/self/ex via Raw
- Bob Worm
  Tue Jan 14 07:58:29 2025
  from Wales, Uk via Telnet
- Guest
  Tue Jan 14 07:27:58 2025
  from /bin/busybox Cat /proc/self/ex via Raw
- Guest
  Tue Jan 14 02:15:49 2025
  from /bin/busybox Cat /proc/self/ex via Raw

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	399
Nodes:	16 (2 / 14)
Uptime:	101:19:07
Calls:	8,363
Calls today:	2
Files:	13,165
Messages:	5,897,912