Re: [IANA #616232] Registration of text/vnd.debian.copyright: a media type for machine-readable copyright files.
Le Wed, Oct 17, 2012 at 08:08:08PM -0700, Russ Allbery a écrit :
> >
> > Optional parameters:
> > revision - the revision number of the specification (digits.digits).
>
> Yup, that looks right.
> > The comment or license fields may be used to quote discussions where
> > redistribution terms have been clarified. There is no formal
> > mechanism to signal that a proper permission has been given to quote
> > the discussion if it was private.
>
> > The machine-readable debian/copyright file format does not feature
> > mechanisms to ensure the integrity of the file. Consider using secure
> > transport when needed.
>
> > I am not sure how the first paragraph is needed. What do you think ?
>
> I think that's an obscure enough case that it's not horribly important. I
> would just say something like:
>
> This media type has no special privacy considerations.
>
> For the last, I would add "or a digital signature" after "secure
> transport," since if Debian ever needed to guarantee integrity of the
> file, that's probably the mechanism that we'd use.
Thanks for the feedback. I resubmitted the attached document.
Cheers,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
Type name:
text
Subtype name:
vnd.debian.copyright
Required parameters:
charset - the value of charset is always UTF-8.
Optional parameters:
revision - the revision number of the specification (digits.digits).
Encoding considerations:
The encoding is always UTF-8.
Security considerations:
The machine-readable debian/copyright file format is declarative
and does not cause commands to be executed. However, some programs
that parse it may execute commands containing values of some fields.
Therefore an attacker may exploit some security flaws in such programs.
Parsers should therefore follow general practices to sanitise their
input.
The machine-readable debian/copyright file format does not feature
mechanisms to ensure the integrity of the file. Consider using secure
transport or a digital signature when needed.
This media type has no special privacy considerations.
Interoperability considerations:
This media type is a subtype of text/plain in the sense of the
FreeDesktop Shared MIME-info Database specification.
Published specification:
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Applications that use this media type:
The media type vnd.debian.copyright is not yet recognised by
applications. The machine-readable debian/copyright file format
is for instance read and written by the 'cme' command from the
Config::Model Perl module. This list is not exhaustive.
Additional information:
Deprecated alias names for this type:
None.
Magic number(s):
Files usually start with the following string:
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/
File extension(s):
No extension, but the file is usually named 'copyright'.
Macintosh file type code(s):
None.
Person & email address to contact for further information:
The Debian Policy mailing list <debian-policy@lists.debian.org>
Intended usage:
LIMITED USE
Restrictions on usage:
None.
Author:
Charles Plessy <plessy@debian.org>
Change controller:
The Debian Project <http://www.debian.org>
-------------------------------------------------------------------------
Best regards,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
Reply to: