On 6/9/2017 1:21 PM, Warren Young wrote:
On Jun 9, 2017, at 12:17 PM, Ross Berteig <[email protected]> wrote:
I do think that the JSON support is close to solid enough to be on by default.
For functionality alone, that is surely true, but in the face of malice?
Parsers are notoriously difficult to make bomb-proof.
Even if the JSON API is 100% solid, it acts as an API to the rest of Fossil.
Some fuzzing the JSON API might find a way to break Fossil itself, a good thing
if we do it before the black hats do.
I agree 100%, which is why I haven't pushed to flip the configure script
option to enable JSON by default.
I hope to be buying some round tuits soon.
I also encourage others to build with JSON enabled and try to break it.
Ideally then reducing any breaks down to a minimal sample so we can add
them to the test suite for regression testing.
--
Ross Berteig [email protected]
Cheshire Engineering Corp. http://www.CheshireEng.com/
+1 626 303 1602
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
