Dear all, here is the information that I consider submitting to the IANA.
By the way, I realised that the procedure for registration of media types is being updated. Among the changes in this draft, early submission of media types is encouraged, the use of unregistered (x.) prefixes is reduced, and x- prefixes are no longer considered to be members of the unregistered tree. These x-prefixed types may be registered with no x- prefix if they are generally useful and widely deployed. See http://datatracker.ietf.org/doc/draft-ietf-appsawg-media-type-regs/ I have the following questions about my draft (see below). - Is a charset parameter helpful in the cases a program would fall back on text/plain, or is it useless or confusiong as the machine-readable copyright spec already requires files to be encoded in UTF-8 ? - Would an optional parameter "revision" be useful, or is this premature ? - About security, the discussion on debian-devel leads me to think that there is no need to worry. I included a short comment suggesting that field values should be sanitised as usual. Does anybody see other potential security issues ? ------------------------------------------------------------------------- Type name: text Subtype name: vnd.debian.copyright Required parameters: charset - the value of charset is always UTF-8. Optional parameters: revision - the revision number of the specification. Encoding considerations: The encoding is always UTF-8. Security considerations: The machine-readable debian/copyright file format is declarative and does not cause commands to be executed. However, some programs that parse it may execute commands containing values of some fields. Therefore an attacker may exploit some security flaws in such programs. Parsers should therefore follow general practices and sanitise their input. Interoperability considerations: This media type is a subtype of text/plain in the sense of the FreeDesktop Shared MIME-info Database specification. Published specification: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Applications that use this media type: The media type vnd.debian.copyright is not yet recognised by applications. The machine-readable debian/copyright file format is for instance read and written by the 'cme' command from the Config::Model Perl module. This list is not exhaustive. Additional information: Deprecated alias names for this type: None. Magic number(s): Files usually start with the following string: Format: http://www.debian.org/doc/packaging-manuals/copyright-format/ File extension(s): No extension, but the file is usually named 'copyright'. Macintosh file type code(s): None. Person & email address to contact for further information: Charles Plessy <[email protected]> Intended usage: LIMITED USE Restrictions on usage: None. Author: Charles Plessy <[email protected]> Change controller: The Debian Project <http://www.debian.org> ------------------------------------------------------------------------- Your comments are very welcome, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
