On 10/10/22, 10:14 AM, "Boris Kolpackov" <bo...@codesynthesis.com> wrote:
> What would be the other options for XML Schema validation usable > from C++? Libxml2? https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home Says it supports XML Schema 1.0 (which is all Xerces ever did AFAIK). It is hardly unusual to find that the best option to do something in C++ is to use a C library. > And, no, rewriting everything in a different language just because > Xerces-C++ has some bugs is not a sensible step. That is a matter of opinion, because if a security bug pops up (*) that nobody can fix, you (and I) are going to be in a very, very bad position. Moving to a different language is the only sensible option if in fact there is nothing else to use, and I am doing exactly that, despite the many hours it will take. (*) If somebody fuzzes this library with serious intent, that's not only likely, it's practically guaranteed. > FWIW, I will vote strongly against moving Xerces-C++ to Attic and if > that happens we will fork it (we are already half way there[1] anyway). That's why I haven't pushed it, it doesn't really serve any purpose for me to make the effort when I would have to fork it myself anyway. But I do think it's past time to be posting a clear warning that nobody else should be adopting this library in any new work. -- Scott
