Wowee, that was meant for another thread! Not related to packed DPX!
> On Dec 4, 2021, at 1:44 PM, Larry Gritz <l...@larrygritz.com> wrote: > > The other alternative, I suppose, is to have no limits by default, and apps > that wish to be "safe" need to proactively make a call to set up the > guardrails. But then you have to trust the majority of apps to set it, and to > do so sensibly (or risk not having any input sensibility validation in > place), rather than trusting just the very few who need higher limits to know > how to raise the controls. > > Things like this are of growing concern to all our popular open source > libraries (not just OIIO), especially the ones successful enough to make > their way into commercial apps, cloud services, etc. -- those vendors become > paranoid (and rightfully so) that the library becomes an attack surface that > makes the whole app or service vulnerable to maliciously crafted input. The > few people who are out there looking for and exploiting every possible way to > subvert the software stack are really making life complicated and miserable > for the rest of us. This is why we can't have nice things. -- Larry Gritz l...@larrygritz.com
_______________________________________________ Oiio-dev mailing list Oiio-dev@lists.openimageio.org http://lists.openimageio.org/listinfo.cgi/oiio-dev-openimageio.org
