On Fri, Jan 27, 2006 at 10:59:34PM +0100, Martin Schulze wrote:
> Daniel Kobras wrote:
> > > Gnah. You are correct. I'm extending the list of forbidden characters
> > > by $().
> >
> > Upstream has reverted the blacklist and instead went for an improved
> > version of the symlink fix I added to ImageMagick in unstable. The patch
> > is more involved, but also more robust and doesn't impose limits on
> > allowed filenames. If you're interested I can extract the changes from
> > upstream SVN.
>
> I've seen your patch and decided against it since it is quite intrusive.
> The blacklist approach should be sufficient for the updates in our stable
> releases.
Yes, but then '(' and ')' are quite commonly found in filenames, so
someone might trip over this change. The previous fix for CAN-2005-0397
already partially broke support for movies and multi-layered images, so
I'm not that happy seeing even more functionality taken away. Hm, how
about we go with the quick fix for now, and I'll prepare a slightly more
complex but less user-visible patch for proposed-updates that you can
review later with your SRM hat on?
Regards,
Daniel.