On 3/14/2011 6:31 PM, Guenter Knauf wrote: > I think since we agree that we have a bug with APR + we have a working fix > for it we > should go with the fix and backport it to all branches for now. Sure I agree > with you that > we should always look for root causes rather than intruducing workarounds
Sorry, totally disagree when you talk about any parsers. They tend to be the root of most security issues and nearly all interop problems. As I said *Saturday* to no objections, I would plow through all such issues over the course of this week. So, no, I disagree with applying this without thinking it through (if someone is using this to compare canonical paths, the new 'feature' introduces a security hole, and if this was a problem in the past, it may represent already existing security holes in the consumer). It's actually third on my apr-plate, meaning this now distracts me from finishing my review of all these single unix specs and legacy behaviors for the undefined bits to ensure my fnmatch optimization logic is correct. So please, don't backport until this coming Saturday, if Bert and I haven't found a better resolution. kthx