On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler t...@w3.org wrote:
I'd suggest this instead:
Implementations should be careful about trusting path components found in
the zip archive: Such path components might be interpreted by operating
systems as pointing at security critical files
Hi Frederick,
On 3/17/09 1:01 PM, Frederick Hirsch wrote:
The latest draft includes the revised text from Thomas.
Marcos, are you suggesting we add something more? It sounds like what
you are saying here, is that it should be a valid widget file. Isn't
that part of PC checking? I'm not sure
On 3/17/09 12:59 PM, Frederick Hirsch wrote:
I already made this change :) to widget user agent. I think that should
work...
Sorry to be annoying, but we should be trying to architecturally design
all the specs to behave as independent as possible (and eradicate the
notion of an overall
Marcos, Frederick,
I should have asked Frederick to make the changes Marcos suggested
below. Sorry about that!
Anyhow, Frederick agreed to make the changes.
-Regards, Art Barstow
On Mar 17, 2009, at 8:44 AM, ext Marcos Caceres wrote:
On 3/17/09 12:59 PM, Frederick Hirsch wrote:
I
Marcos
Rather than replicating this, which might be error prone and hard to
maintain, perhaps Widget Signature should reference P C for this.
What do you think ?
regards, Frederick
On Mar 17, 2009, at 8:15 AM, ext Marcos Caceres wrote:
Hi Frederick,
On 3/17/09 1:01 PM, Frederick
On 3/17/09, Frederick Hirsch frederick.hir...@nokia.com wrote:
Marcos
Rather than replicating this, which might be error prone and hard to
maintain, perhaps Widget Signature should reference P C for this.
What do you think ?
I think that should be fine.
regards, Frederick
On Mar 17,
-Group
Cc: Frederick Hirsch; ext Marcos Caceres; WebApps WG; Thomas Roessler
Subject: Re: [widgets] Comments on Widget Signature update
(was RE: Widget Signature update)
Mark
Thanks for your review, I have some comments inline. Thomas,
can you please review my proposed change to the security
WG
Subject: Re: [widgets] Comments on Widget Signature update
(was RE: Widget Signature update)
On 13 Mar 2009, at 15:50, Frederick Hirsch wrote:
Thanks for your review, I have some comments inline. Thomas, can you
please review my proposed change to the security considerations text
Mark
20:51
To: ext Marcos Caceres
Cc: Frederick Hirsch; WebApps WG
Subject: Re: Widget Signature update
I updated section 4 to correspond to this:
If the signatures list is not empty, sort the list of
signatures by the file name field in ascending numerical order
(e.g.signature1.xml followed
One (possibly minor) point regarding the filename rule:
At least the Widgets 1.0 PC spec uses ABNF (RFC 5234) and refers to it, maybe
this would be good also in the DigSig spec?
The rule expressed in ABNF would be something like:
signature-filename = signature non-zero-digit *DIGIT .xml
; WebApps WG
Subject: Re: Widget Signature update
I updated section 4 to correspond to this:
If the signatures list is not empty, sort the list of
signatures by the file name field in ascending numerical order
(e.g.signature1.xml followed by signature2.xml followed by
signature3.xml etc).
regards
I updated section 4 to correspond to this:
If the signatures list is not empty, sort the list of signatures by
the file name field in ascending numerical order (e.g.signature1.xml
followed by signature2.xml followed by signature3.xml etc).
regards, Frederick
Frederick Hirsch
Nokia
On
12 matches
Mail list logo