Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Stefano Zacchiroli
On Tue, Sep 11, 2012 at 08:10:18AM +0900, Charles Plessy wrote:
> here is the information that I consider submitting to the IANA.

Hi Charles, thanks for taking care of this! I'm no expert in the sort of
document you're submitting, but to my layman eyes all seem good.

> Person & email address to contact for further information:
>   Charles Plessy ple...@debian.org
> […]
> Change controller:
>   The Debian Project http://www.debian.org

I wonder if the contact address shouldn't be something less tied to
project individuals, like for instance debian-project@lists.d.o. Given
there is already a separation between this and the author field
(allowing to give proper credit to who worked on the application), I
think it'd be better to have as contact point some role address of
sort. What do you think?

-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »




Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Charles Plessy
On Tue, Sep 11, 2012 at 08:51:24AM +0200, Stefano Zacchiroli wrote:
> On Tue, Sep 11, 2012 at 08:10:18AM +0900, Charles Plessy wrote:
> > here is the information that I consider submitting to the IANA.
>
> > Person & email address to contact for further information:
> >   Charles Plessy ple...@debian.org
> […]
> > Change controller:
> >   The Debian Project http://www.debian.org
>
> I wonder if the contact address shouldn't be something less tied to
> project individuals, like for instance debian-project@lists.d.o. Given
> there is already a separation between this and the author field
> (allowing to give proper credit to who worked on the application), I
> think it'd be better to have as contact point some role address of
> sort. What do you think?

Hi Stefano and debian-policy@lists.d.o subscribers,

I was wondering about the same, but I was worried that having a
broad-readership mailing list as a contact point would create confusion about
who is expected to answer.  How about debian-policy@lists.d.o ?  It is anyway
the contact point for the specification itself.

Cheers,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120911074152.ga20...@falafel.plessy.net



Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Andreas Tille
On Mon, Sep 10, 2012 at 04:45:53PM -0700, Russ Allbery wrote:
>
> > - About security, the discussion on debian-devel leads me to think that
> > there is no need to worry.  I included a short comment suggesting that
> > field values should be sanitised as usual.  Does anybody see other
> > potential security issues ?
>
> No, your security considerations seem reasonable to me.

While it is probably very reasonable to do sanity checks "as usual" the
"as usual" is a hint that the phrase might be redundant.  It somehow has
the value as "People parsing debian/copyright should know their job". As
I said in a previous mail the attacker is the same person (group of
persons) who writes debian/copyright *and* all the other packaging stuff
- so he would attack himself.

Just my 2 Eurocents

 Andreas.

-- 
http://fam-tille.de


-- 
Archive: http://lists.debian.org/20120911075026.gc14...@an3as.eu



Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Stefano Zacchiroli
On Tue, Sep 11, 2012 at 04:41:52PM +0900, Charles Plessy wrote:
> > I wonder if the contact address shouldn't be something less tied to
> > project individuals, like for instance debian-project@lists.d.o. Given
> > there is already a separation between this and the author field
> > (allowing to give proper credit to who worked on the application), I
> > think it'd be better to have as contact point some role address of
> > sort. What do you think?
>
> Hi Stefano and debian-policy@lists.d.o subscribers,
>
> I was wondering about the same, but I was worried that having a
> broad-readership mailing list as a contact point would create confusion about
> who is expected to answer.  How about debian-policy@lists.d.o ?  It is anyway
> the contact point for the specification itself.

Hi again Charles,
  in fact the above is a typo of mine :-). debian-*policy*@lists.d.o is
in fact what I wanted to propose. Sorry for the confusion.

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »




Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Russ Allbery
Charles Plessy ple...@debian.org writes:

> I was wondering about the same, but I was worried that having a
> broad-readership mailing list as a contact point would create confusion
> about who is expected to answer.  How about debian-policy@lists.d.o ?
> It is anyway the contact point for the specification itself.

That works for me.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
Archive: http://lists.debian.org/87sjaomv6s@windlord.stanford.edu



Re: A media type for the machine-readable copyright format ?

2012-09-11 Thread Charles Plessy
On Tue, Sep 11, 2012 at 09:50:26AM +0200, Andreas Tille wrote:
> On Mon, Sep 10, 2012 at 04:45:53PM -0700, Russ Allbery wrote:
> >
> > > - About security, the discussion on debian-devel leads me to think that
> > > there is no need to worry.  I included a short comment suggesting that
> > > field values should be sanitised as usual.  Does anybody see other
> > > potential security issues ?
> >
> > No, your security considerations seem reasonable to me.
>
> While it is probably very reasonable to do sanity checks "as usual" the
> "as usual" is a hint that the phrase might be redundant.  It somehow has
> the value as "People parsing debian/copyright should know their job".

Hi Andreas and everybody,

In my understanding of http://tools.ietf.org/html/rfc4288#section-4.6, this is
what is expected for this section.  For a broad readership, the recommendation
is not completely tautological, as it indicates that there are best practices
for input sanitisation (which may not be the case for more complex or novel
security issues).  To help convey this message, I changed « and » to « to » in
the last sentence:

  Parsers should therefore follow general practices to sanitise their input. 

I have requested a pre-submission review to media-ty...@iana.org.

  http://lists.debian.org/20120912004203.gd5...@falafel.plessy.net

This is not the formal submission so further comments are still very welcome in
this thread.

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan


-- 
Archive: http://lists.debian.org/20120912004826.ge5...@falafel.plessy.net
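
What "general practices to sanitise their input" can look like for a consumer of this format, as an added example that is not part of the thread or of any Debian tool. It assumes Debian control-file paragraph syntax; the function names, the size limit and the sample file are illustrative.

```python
import html
import re

# Control-file field names: US-ASCII 33-126 except ':', not starting with '#' or '-'.
FIELD_NAME = re.compile(r"(?![#-])[!-9;-~]+")
# C0 controls except tab, plus DEL and C1: these carry terminal escape sequences.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")
MAX_INPUT = 1024 * 1024  # illustrative limit, not taken from the specification

def parse_copyright(text):
    """Parse into a list of {field: value} paragraphs; raise ValueError on bad input."""
    if len(text) > MAX_INPUT:
        raise ValueError("input too large")
    paragraphs, current, last = [], {}, None
    # split("\n"), not splitlines(): the latter silently splits on \x0b, \x1c, \x85 ...
    for n, line in enumerate(text.split("\n"), 1):
        if CONTROL.search(line):
            raise ValueError(f"line {n}: control character in input")
        if not line.strip():                      # blank line ends a paragraph
            if current:
                paragraphs.append(current)
            current, last = {}, None
        elif line[0] in " \t":                    # continuation of the previous field
            if last is None:
                raise ValueError(f"line {n}: continuation line without a field")
            current[last] += "\n" + line[1:]
        else:
            name, sep, value = line.partition(":")
            if not sep or not FIELD_NAME.fullmatch(name):
                raise ValueError(f"line {n}: malformed field line")
            last = name.lower()                   # field names are case-insensitive
            if last in current:
                raise ValueError(f"line {n}: duplicate field {name}")
            current[last] = value.strip()
    if current:
        paragraphs.append(current)
    return paragraphs

def render_html(paragraph):
    """Escape at the output boundary: parsed values are still untrusted text."""
    return "".join(f"<dt>{html.escape(k)}</dt><dd>{html.escape(v)}</dd>"
                   for k, v in paragraph.items())

# Constructed sample, not taken from a real package.
SAMPLE = ("Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/\n"
          "\nFiles: *\nCopyright: 2012 Jane Doe <jane@example.org>\nLicense: Expat\n"
          " Permission is hereby granted ...\n")
```

Rejecting malformed input outright, rather than repairing it, keeps the parser's behaviour predictable for tools that index many packages' copyright files.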