| 1 |
Explicitly specify XML 1.0 and link to the specification. Forbid |
| 2 |
"external markup declarations" and processing DTDs to secure against |
| 3 |
common XML attacks. |
| 4 |
|
| 5 |
Signed-off-by: Michał Górny <mgorny@g.o> |
| 6 |
--- |
| 7 |
glep-0068.rst | 21 ++++++++++++++------- |
| 8 |
1 file changed, 14 insertions(+), 7 deletions(-) |
| 9 |
|
| 10 |
The only change from v1 is bumping version to 1.3, as discussed |
| 11 |
in #gentoo-council. |
| 12 |
|
| 13 |
diff --git a/glep-0068.rst b/glep-0068.rst |
| 14 |
index 78ac7ea..6790e91 100644 |
| 15 |
--- a/glep-0068.rst |
| 16 |
+++ b/glep-0068.rst |
| 17 |
@@ -4,10 +4,10 @@ Title: Package and category metadata |
| 18 |
Author: Michał Górny <mgorny@g.o> |
| 19 |
Type: Standards Track |
| 20 |
Status: Final |
| 21 |
-Version: 1.2 |
| 22 |
+Version: 1.3 |
| 23 |
Created: 2016-03-14 |
| 24 |
-Last-Modified: 2022-05-22 |
| 25 |
-Post-History: 2016-03-16, 2018-02-20, 2022-05-22 |
| 26 |
+Last-Modified: 2022-10-13 |
| 27 |
+Post-History: 2016-03-16, 2018-02-20, 2022-05-22, 2022-10-07 |
| 28 |
Content-Type: text/x-rst |
| 29 |
Requires: 67 |
| 30 |
Replaces: 34, 46, 56 |
| 31 |
@@ -59,10 +59,14 @@ Metadata files |
| 32 |
-------------- |
| 33 |
|
| 34 |
This specification provides two kinds of metadata files: category metadata |
| 35 |
-files and package metadata files. Both kinds of files use XML file format |
| 36 |
-with structure defined in this GLEP. The XML structure does not use |
| 37 |
-a namespace and must not contain any elements outside the scope of this |
| 38 |
-specification. |
| 39 |
+files and package metadata files. Both kinds of files use the XML 1.0 file |
| 40 |
+format [#XML10]_. They must not use external markup declarations, as defined |
| 41 |
+in the XML specification. While they may reference or include a DTD, the parser |
| 42 |
+must not fetch or process it. |
| 43 |
+ |
| 44 |
+The data structure of metadata files is defined in this GLEP. The elements |
| 45 |
+and attributes do not use namespaces. Conforming files must not contain |
| 46 |
+any elements or attributes that are not defined in this specification. |
| 47 |
|
| 48 |
Category metadata files are named ``metadata.xml`` and located inside category |
| 49 |
directories in an ebuild repository. Their structure is described |
| 50 |
@@ -516,6 +520,9 @@ References |
| 51 |
.. [#METADATA-DTD] The original metadata.dtd file |
| 52 |
https://gitweb.gentoo.org/data/dtd.git/tree/metadata.dtd?id=a908a93b5afe295359e0a01814c9bef8b5268bcd |
| 53 |
|
| 54 |
+.. [#XML10] Extensible Markup Language (XML) 1.0 (Fifth Edition) |
| 55 |
+ https://www.w3.org/TR/xml/ |
| 56 |
+ |
| 57 |
.. [#BCP-47] BCP 47: "Tags for identifying languages", |
| 58 |
https://tools.ietf.org/rfc/bcp/bcp47.txt |
| 59 |
|
| 60 |
-- |
| 61 |
2.38.0 |
Archives