On Tue, 2017-04-04 at 08:44 +0200, Jan Kurik wrote: > = Proposed System Wide Change: Switch libidn-using applications to > IDNA2008 = > https://fedoraproject.org/wiki/Changes/IDNA2008 > > Change owner(s): > * Nikos Mavrogiannopoulos <nmav AT redhat DOT com> > * Robert Scheck <robert AT fedoraproject DOT org> > > The proposed change is about deprecating libidn, which supports > IDNA2003, and switch all applications using libidn, to libidn2 2.0.0, > which supports IDNA2008. > > > == Detailed Description == > Internationalized domain names exist for quite some time (IDNA2003), > although the protocols describing them have evolved in an > incompatible > way (IDNA2008). These incompatibilities will prevent applications > written for IDNA2003 to access certain problematic domain names > defined with IDNA2008, e.g., faß.de is translated to domain > xn--fa-hia.de with IDNA2008, while in IDNA2003 it is translated to > fass.de domain. That not only causes incompatibility problems, but > may > be used as an attack vector to redirect users to different web sites. > > The proposed change is about deprecating libidn, which supports > IDNA2003, and switch all applications using libidn, to libidn2 2.0.0, > which supports IDNA2008. The switch should be transparent as the > libidn2 library is API compatible. > > Note that even in the web browsers, field there is much confusion on > the topic. Chromium appears to use IDNA2008 transitional (i.e., > IDNA2003 mapping for the problematic characters), while Firefox and > Safari have already moved to IDNA2008. > > For more information see: > * http://nmav.gnutls.org/2017/04/the-mess-with-internationalized-doma > in.html > * https://www.plesk.com/blog/what-is-the-problem-with-s/ > * http://unicode.org/faq/idn.html#6 > > > == Scope == > * Proposal owners: > The proposal owner is expected to co-ordinate and fill the required > bugs on the distribution.
What was left out of the proposal is whether we should keep libidn in the OS. IDNA2003 may still be in use somewhere, but even when it is, it is via IDNA2008-transitional mode. Are there any other reasons to keep libidn in Fedora? regards, Nikos _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
