Ray Olszewski wrote:
At 04:50 PM 7/2/2004 -0700, Tom Eastep wrote:
Mike Noyes wrote:
On Fri, 2004-07-02 at 11:13, Ray Olszewski wrote:
This gets to the heart of the matter, and is the main reason I asked. I'm not sure that we should do anything. However, I'd be disappointed if a person using a leaf branch gets compromised because of IE problems. You probably know who I think would mistakenly get blamed.
If we would just admit that .lrp files are nothing more than stylized gzip-compressed tar files and change their extension to .tgz, we wouldn't have this problem.
If you are referring to the text/binary problem I raised, this is not true. It applies to any idiosyncratic extension, since most Web servers treat unknown extensions as type text.
My point is that under the covers, a .lrp archive is really a .tgz and that the .tgz extension is orders of magnitude more common than .lrp. So by switching the extension from .lrp to .tgz, you reduce the problem by a similar order of magnitude. Out of the box, Apache is configured with .tgz as a known extension -- not so with .lrp.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED]
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
