Re: A media type for the machine-readable copyright format ?
Dear all,
here is the information that I consider submitting to the IANA.
By the way, I realised that the procedure for registration of media types is
being updated. Among the changes in this draft, early submission of media
types is encouraged, the use of unregistered (x.) prefixes is reduced, and x-
prefixes are no longer considered to be members of the unregistered tree.
These x-prefixed types may be registered with no x- prefix if they are
generally useful and widely deployed.
See http://datatracker.ietf.org/doc/draft-ietf-appsawg-media-type-regs/
I have the following questions about my draft (see below).
- Is a charset parameter helpful in the cases a program would fall back on
text/plain, or is it useless or confusing as the machine-readable copyright
spec already requires files to be encoded in UTF-8 ?
- Would an optional parameter "revision" be useful, or is this premature ?
- About security, the discussion on debian-devel leads me to think that
there is no need to worry. I included a short comment suggesting that
field values should be sanitised as usual. Does anybody see other potential
security issues ?
-------------------------------------------------------------------------
Type name:
text
Subtype name:
vnd.debian.copyright
Required parameters:
charset - the value of charset is always UTF-8.
Optional parameters:
revision - the revision number of the specification.
Encoding considerations:
The encoding is always UTF-8.
Security considerations:
The machine-readable debian/copyright file format is declarative
and does not cause commands to be executed. However, some programs
that parse it may execute commands containing values of some fields.
Therefore an attacker may exploit some security flaws in such programs.
Parsers should therefore follow general practices and sanitise their
input.
Interoperability considerations:
This media type is a subtype of text/plain in the sense of the
FreeDesktop Shared MIME-info Database specification.
Published specification:
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Applications that use this media type:
The media type vnd.debian.copyright is not yet recognised by
applications. The machine-readable debian/copyright file format
is for instance read and written by the 'cme' command from the
Config::Model Perl module. This list is not exhaustive.
Additional information:
Deprecated alias names for this type:
None.
Magic number(s):
Files usually start with the following string:
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/
File extension(s):
No extension, but the file is usually named 'copyright'.
Macintosh file type code(s):
None.
Person & email address to contact for further information:
Charles Plessy <plessy@debian.org>
Intended usage:
LIMITED USE
Restrictions on usage:
None.
Author:
Charles Plessy <plessy@debian.org>
Change controller:
The Debian Project <http://www.debian.org>
-------------------------------------------------------------------------
Your comments are very welcome,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
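An added example, not part of the original message or of any Debian tool: one way a consumer of this format could apply the "Security considerations" above, by decoding strictly as UTF-8, checking the Format line, rejecting control characters, and handing a field value to another program as a single argument rather than through a shell. The names parse_header and echo_field are hypothetical, and the sample file is constructed.

```python
import re
import subprocess
import sys

FORMAT_PREFIX = "http://www.debian.org/doc/packaging-manuals/copyright-format/"
# Control characters other than tab and newline are rejected outright.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
FIELD_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# Constructed sample: a field value carrying shell metacharacters.
SAMPLE = (b"Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/\n"
          b"Upstream-Name: demo; echo injected\n"
          b"Source: https://example.org/demo\n\n")

def parse_header(raw: bytes) -> dict:
    """Parse the first paragraph of a debian/copyright file into a dict."""
    text = raw.decode("utf-8", errors="strict")   # the encoding is always UTF-8
    if CONTROL.search(text):
        raise ValueError("control character in input")
    fields, last = {}, None
    for line in text.split("\n"):
        if not line.strip():
            break                                  # blank line ends the paragraph
        if line[0] in " \t":                       # continuation of previous field
            if last is None:
                raise ValueError("continuation before any field")
            fields[last] += "\n" + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep or not FIELD_NAME.fullmatch(name):
            raise ValueError("malformed field line")
        last = name
        fields[last] = value.strip()
    if not fields.get("Format", "").startswith(FORMAT_PREFIX):
        raise ValueError("missing or unexpected Format field")
    return fields

def echo_field(value: str) -> str:
    """Pass a field value to a child process as one argv element, no shell."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", value]
    out = subprocess.run(child, capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")

if __name__ == "__main__":
    header = parse_header(SAMPLE)
    # The metacharacters arrive as literal text; nothing is interpreted.
    print(echo_field(header["Upstream-Name"]))
```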