ant-ivy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maarten Coene <maarten_co...@yahoo.com>
Subject Re: Relaxing allowed ant tasks in packager.xsl
Date Tue, 06 Jan 2009 20:05:18 GMT
ok for me if the default value of "restricted" is true and that we add a warning to the documentation
about the risks of setting this to "false".
(I didn't take a look at your patch, so maybe you already did that).

Could you attach the patch to a JIRA issue?
This way we won't forget to include it.

Maarten




________________________________
From: Archie Cobbs <archie@dellroad.org>
To: dev@ant.apache.org; Ivy Users <ivy-user@ant.apache.org>
Sent: Tuesday, January 6, 2009 6:49:39 PM
Subject: Re: Relaxing allowed ant tasks in packager.xsl

I think this is a good idea. I think we can also do it in a way that satisfies the security
conscious.

For example, we have add a new setting on the packager resolver e.g. restricted="true/false"
that would either restrict the ant operations to the ones allowed now (if true), otherwise
allow all ant operations (if false).

What do others think? I've attached a patch that implements this.

-Archie


On Mon, Jan 5, 2009 at 2:21 PM, Mark Thomas <spatialguru.net@gmail.com> wrote:

I've come across a problem in using the packager resolver in that the "allowed" ant tasks
are too limited for certain.  For example, many open-source Java software is no longer including
the javadocs in the archive(s) in order to limit download size (e.g. jcommon, hibernate 3.3+),
but they do provide an ant or maven file to generate the javadocs from source.  This could
be done easily using the <ant/> ant task; however, this task is not allowed by packager.xsl.
 I propose relaxing the restrictions on the allowable ant tasks in order to overcome this
limitation.

Regards,

Mark Thomas
spatialguru.net@gmail.com
205.529.9013

"Commit to the Lord whatever you do,
   and your plans will succeed." - Proverbs 16:3



-- 
Archie L. Cobbs


      

Mime
View raw message