On 05 Jan 09:38, Johannes Berg wrote: > On Mon, 2016-01-04 at 10:00 +0000, Finucane, Stephen wrote: > > > > I agree with your concerns but haven't given them a thought to be honest. > > > Right now only patchwork admins can changes the rules, but as you mention > > > we > > > might not trust them. > > Frankly, I'm not quite sure of the permissions model, and even what > "admin" means. > > I'm "maintainer" of the linux-wireless project on the kernel.org > patchwork, and in that role I think I should be able to change the > auto-delegate settings. > However, the kernel.org server admin might not trust me with arbitrary > regexps. > > > Could we use fnmatch instead? This is the suggestion on StackOverflow > > [1] and > > documentation for the function suggests that the grammar is a very > > simple one > > without the possibility for backrefs or other "dangerous" things [2]. > > I see no problem with that. > > johannes
Actually, this patch adds regex support in place of the fnmatch already used. In light of the security risks, I'm reluctant to add support for this in its current form. Far as I see it, we can either avoid regex support or if it's valuable enough to include, make it an optional feature that can be enabled/disabled accordingly. I'd rather the former for simplicity, though I don't have any visibility into how useful this is so I'd like input. Thoughts? Stephen _______________________________________________ Patchwork mailing list [email protected] https://lists.ozlabs.org/listinfo/patchwork
