Message183197
I have opened issue #17318 to try to specify the problem better. While I do think that catalogs are the correct fix for the validation use case (and thus would like to see something more out-of-the-box in that vein), the real trouble is that users are often unaware that they're sending requests to DTD URIs, so some combination of fixes in default behavior and/or documentation is definitely needed.
The external_ges feature does help, in a way, but is poorly communicated to new users, and moreover does not respect the difference between external DTD subsets and external general entities (there's a reason "DOCTYPE" isn't spelled "ENTITY").
The default behavior is not well documented, and the constraining behavior of DTDs is frequently unnecessary. Either a user should have to explicitly enable validation, or it should be irrevocably obvious to a user that validation is the default behavior, and in both cases it should be blatantly documented that validation may cause network side effects. I think the input has been reasonable all around, and yet I find it rather insane that this issue didn't eventually at least result in a documentation fix, thanks to what looks like push-back for push-back's sake, though I will gladly admit the conclusion that it was underspecified is entirely valid.
Anyway, further info in the new issue... |
|
Date |
User |
Action |
Args |
2013-02-28 01:32:10 | rsandwick3 | set | recipients:
+ rsandwick3, loewis, akuchling, pboddie, exarkun, ajaksu2, vdupras, damien, BreamoreBoy, Brian.Visel |
2013-02-28 01:32:10 | rsandwick3 | set | messageid: <1362015130.45.0.48223784214.issue2124@psf.upfronthosting.co.za> |
2013-02-28 01:32:10 | rsandwick3 | link | issue2124 messages |
2013-02-28 01:32:09 | rsandwick3 | create | |
|