Gerfried Fuchs <[email protected]> writes: > On #debian-www "will" raised concerns that there might be issues with > respect to our logo license for including the debian lettering. It > doesn't contain a warranty waiver, and given that we publish svg > images which could contain potential harmful scripting (from will's > interpretation, not sure if that actually is possible or if there is > some sandbox involved?) this might be considered an issue.
This does seem to be a valid concern. The SVG standard allows for documents to contain executable code for animation with ECMAScript <URL:http://www.w3.org/TR/SVG11/animate.html#DOMAnimationExample>. So that at least makes it plausible that an SVG image could contain dangerous code. > Is this something we should change? Not worry about? "Much Ado Nothing"? I think it would be prudent to add a warranty disclaimer like those found in Expat license terms or similar. -- \ “… Nature … is seen to do all things Herself and through | `\ herself of own accord, rid of all gods.” —Titus Lucretius | _o__) Carus, c. 40 BCE | Ben Finney -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
