ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Archie Cobbs" <arc...@dellroad.org>
Subject Re: Relaxing allowed ant tasks in packager.xsl
Date Tue, 06 Jan 2009 17:49:39 GMT
I think this is a good idea. I think we can also do it in a way that
satisfies the security conscious.

For example, we have add a new setting on the packager resolver e.g.
restricted="true/false" that would either restrict the ant operations to the
ones allowed now (if true), otherwise allow all ant operations (if false).

What do others think? I've attached a patch that implements this.

-Archie

On Mon, Jan 5, 2009 at 2:21 PM, Mark Thomas <spatialguru.net@gmail.com>wrote:

> I've come across a problem in using the packager resolver in that the
> "allowed" ant tasks are too limited for certain.  For example, many
> open-source Java software is no longer including the javadocs in the
> archive(s) in order to limit download size (e.g. jcommon, hibernate 3.3+),
> but they do provide an ant or maven file to generate the javadocs from
> source.  This could be done easily using the <ant/> ant task; however, this
> task is not allowed by packager.xsl.  I propose relaxing the restrictions on
> the allowable ant tasks in order to overcome this limitation.
>
> Regards,
>
> Mark Thomas
> spatialguru.net@gmail.com
> 205.529.9013
>
> "Commit to the Lord whatever you do,
>    and your plans will succeed." - Proverbs 16:3
>



-- 
Archie L. Cobbs

Mime
View raw message