[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

New canonicalization functions [was: Subversion Exception!]

From: Branko Čibej <brane_at_apache.org>
Date: Fri, 14 Dec 2018 16:01:09 +0100

On 13.12.2018 17:00, Branko Čibej wrote:
> On 13.12.2018 16:53, Michael Pilato wrote:
>> On 12/13/18 10:45 AM, Branko Čibej wrote:
>>> Uh. I forgot about the malfunction handler. However this doesn't really
>>> help, other than putting possibly sensitive paths into the crash handler
>>> info? We really shouldn't do it this way, users *will* just copy and
>>> paste the output tot he 'net.
>> Ahem. What Grandpa *meant* to say was:
>>
>> "Oh, cool! So there _is_ a way to report the non-canonical path.
>> Thanks for figuring this out, Julian! Unfortunately, it comes at a
>> cost, namely that of revealing potentially sensitive paths in the output
>> which I strongly suspect will get copied and paste to the 'net. If we
>> could mitigate that part of it, this might turn out to be truly beneficial."
>
> Well, no, I meant to say exactly what I said. But if I were in a
> politically correct fame of mind, then I might have said something like
> what you wrote.
>
> Re FUD: it's not just paths, it's also URLs, and people do consider one
> or the other sensitive. Of course ... in the end that's no worse than
> printing paths or URLs in error messages.
>
> I still think we should add canonicalisation functions that validate
> their own output.

r1848943, for review. Obviouisly we'd have to start using these in our
own code for them to be any good, but TSVN could use them, too. Doing
that is independent of changing the is-canonical assertions as Johan and
Julian suggested.

-- Brane
Received on 2018-12-14 16:01:23 CET

This is an archived mail posted to the Subversion Dev mailing list.