On 13.12.2018 16:53, Michael Pilato wrote:
> On 12/13/18 10:45 AM, Branko Čibej wrote:
>> Uh. I forgot about the malfunction handler. However this doesn't really
>> help, other than putting possibly sensitive paths into the crash handler
>> info? We really shouldn't do it this way, users *will* just copy and
>> paste the output tot he 'net.
> Ahem. What Grandpa *meant* to say was:
> "Oh, cool! So there _is_ a way to report the non-canonical path.
> Thanks for figuring this out, Julian! Unfortunately, it comes at a
> cost, namely that of revealing potentially sensitive paths in the output
> which I strongly suspect will get copied and paste to the 'net. If we
> could mitigate that part of it, this might turn out to be truly beneficial."
Well, no, I meant to say exactly what I said. But if I were in a
politically correct fame of mind, then I might have said something like
what you wrote.
Re FUD: it's not just paths, it's also URLs, and people do consider one
or the other sensitive. Of course ... in the end that's no worse than
printing paths or URLs in error messages.
I still think we should add canonicalisation functions that validate
their own output.
Received on 2018-12-13 17:00:43 CET