garydgregory commented on PR #428: URL: https://github.com/apache/commons-codec/pull/428#issuecomment-4230041141
> The sanitization of . and .. segment paths, with are not allowed. These segments do no appear naturally, when traversing a Path. A . segment, however, could appear in some archives: should we allow it? A .. segment, however, has no place in a non-malicious archive and I don't think implementing path normalization logic here is appropriate: what do you think? If normalizing `.` has 0% chance of malicious side-effects (symbolic link?) then we should normalize it. Isn't that the case? > TreeIdBuilder does not have a fluent API. I think we can go YAGNI here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
