Jeffrey Walton <[email protected]> writes: > On Tue, Sep 16, 2025 at 11:04 AM Lawrence Velázquez <[email protected]> wrote: >> >> On Tue, Sep 16, 2025, at 1:23 AM, Collin Funk wrote: >> > If there is a discussion on the POSIX bug tracker to make it a >> > requirement, we can revisit it then, and likely voice objections there. >> >> I think your input would hold some weight, as the suggestion was >> largely driven by one individual who tends to view the standard as >> prescriptive rather than descriptive. The initial proposal was >> rather more radical. > > I'm not sure I would use the word 'radical.' It seems rather > polarizing, and it seems like a word I would expect to see on social > media as opposing parties sling their views in an effort to make > things as divisive as possible to drive views and likes. That did not > seem to be David Wheeler's intent. > > Wheeler's submission seems to be more practical and founded in a rich > history of bugs when processing filenames. From the description: > > POSIX.1-2008 page 60 lines 1781-1786 states that filenames (aka > "pathname component") may contain all characters except <slash> and the > null byte, and this has historically been true. However, this excessive > permissiveness has resulted in numerous security vulnerabilities and > erroneous programs. It also increases the effort to write correct > programs, because correctly processing filenames that include > characters like newline is very difficult (even the expert POSIX > developers have trouble; see 0000248)...
I'm not sure if they meant "radical" with that negative connotation. But I can see how it is read that way, and hope that was not the intent. David Wheeler always has well-reasoned proposals, including this one. I don't mind the recommendation, but I don't like the idea of it being mandatory behavior. Our considerations are just slightly different than the security issues that he brings up. Collin
