| 1 |
Hi, |
| 2 |
|
| 3 |
Ok, so before we get into this deeper, here's another option we've been |
| 4 |
discussing. Let's drop the non-strict mode entirely, drop OPTIONAL |
| 5 |
and keep MISC as deprecated-used-to-have-special-meaning alias to DATA. |
| 6 |
|
| 7 |
This is going to make a lot of things simpler, and avoid having the very |
| 8 |
long discussion on what should be MISC and what not. Especially given |
| 9 |
that the specific definition of MISC makes little sense as-is. |
| 10 |
|
| 11 |
|
| 12 |
Two reasons have been mentioned for having non-strict mode: |
| 13 |
|
| 14 |
1. Stripping some of non-strictly necessary files to reduce repository |
| 15 |
size. However: |
| 16 |
|
| 17 |
1a. Stripping of files that we can mark MISC is not going to do much. |
| 18 |
Most of the time, people would strip whole categories or other data we |
| 19 |
can't really mark MISC, so they will need a different solution anyway. |
| 20 |
|
| 21 |
1b. That's just an argument for allowing them to be missing. There's no |
| 22 |
clear reason why they would have different content, and it doesn't have |
| 23 |
much sense to allow it implicitly. |
| 24 |
|
| 25 |
1c. Those files can still be means of doing some kind of attacks -- |
| 26 |
starting with misinformation resulting in the user reducing security of |
| 27 |
his systems, ending with attacks e.g. exploiting XML parser |
| 28 |
vulnerabilities. |
| 29 |
|
| 30 |
2. Allowing different content for cache-class files that can be updated |
| 31 |
on user's end (e.g. md5-cache, use.local.desc...). However: |
| 32 |
|
| 33 |
2a. We can't really do this for md5-cache since it clearly can be |
| 34 |
abused. |
| 35 |
|
| 36 |
2b. Again, it makes little sense since we took special care that all |
| 37 |
those tools have stable output. |
| 38 |
|
| 39 |
|
| 40 |
All that said, if we really have a problem that needs solving here, I'm |
| 41 |
not convinced MISC is the right solution for it. If people need to |
| 42 |
explicitly exclude stuff, then I suppose the configuration-injected |
| 43 |
ignore list is much better solution for this. |
| 44 |
|
| 45 |
-- |
| 46 |
Best regards, |
| 47 |
Michał Górny |
Archives