Return-Path: X-Original-To: apmail-corinthia-dev-archive@minotaur.apache.org Delivered-To: apmail-corinthia-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1B26D105EF for ; Mon, 22 Dec 2014 16:58:02 +0000 (UTC) Received: (qmail 41300 invoked by uid 500); 22 Dec 2014 16:58:02 -0000 Delivered-To: apmail-corinthia-dev-archive@corinthia.apache.org Received: (qmail 41266 invoked by uid 500); 22 Dec 2014 16:58:02 -0000 Mailing-List: contact dev-help@corinthia.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@corinthia.incubator.apache.org Delivered-To: mailing list dev@corinthia.incubator.apache.org Received: (qmail 40079 invoked by uid 99); 22 Dec 2014 16:58:00 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Dec 2014 16:58:00 +0000 X-ASF-Spam-Status: No, hits=1.0 required=5.0 tests=SPF_SOFTFAIL X-Spam-Check-By: apache.org Received-SPF: softfail (nike.apache.org: transitioning domain of dennis.hamilton@acm.org does not designate 216.234.124.51 as permitted sender) Received: from [216.234.124.51] (HELO barracuda.supercp.com) (216.234.124.51) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Dec 2014 16:57:33 +0000 X-ASG-Debug-ID: 1419267418-0798da1d4e821c0001-KCmPzH Received: from a2s42.a2hosting.com (a2s42.a2hosting.com [216.119.133.2]) by barracuda.supercp.com with ESMTP id qfiTt6XIGmElr1Ek for ; Mon, 22 Dec 2014 11:56:58 -0500 (EST) X-Barracuda-Envelope-From: dennis.hamilton@acm.org X-Barracuda-Apparent-Source-IP: 216.119.133.2 Received: from 97-113-57-118.tukw.qwest.net ([97.113.57.118]:33042 helo=Astraendo2) by a2s42.a2hosting.com with esmtpa (Exim 4.82) (envelope-from ) id 1Y36Hx-002Zrt-J2 for dev@corinthia.incubator.apache.org; Mon, 22 Dec 2014 11:56:58 -0500 Reply-To: From: "Dennis E. Hamilton" To: Subject: MiniZip Dependency Consideration Date: Mon, 22 Dec 2014 08:56:57 -0800 X-ASG-Orig-Subj: MiniZip Dependency Consideration Organization: NuovoDoc Message-ID: <004c01d01e08$4ce43420$e6ac9c60$@acm.org> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdAeBxa0N3eu+TopQuKnV9JqzEtMAw== Content-Language: en-us X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - a2s42.a2hosting.com X-AntiAbuse: Original Domain - corinthia.incubator.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - acm.org X-Get-Message-Sender-Via: a2s42.a2hosting.com: authenticated_id: himself+orcmid.com/only user confirmed/virtual account not confirmed X-Barracuda-Connect: a2s42.a2hosting.com[216.119.133.2] X-Barracuda-Start-Time: 1419267418 X-Barracuda-URL: https://216.234.124.51:443/cgi-mod/mark.cgi Received-SPF: softfail (supercp.com: domain of transitioning dennis.hamilton@acm.org does not designate 97.113.57.118 as permitted sender) X-Virus-Scanned: by bsmtpd at supercp.com X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=4.0 KILL_LEVEL=5.0 tests=BSF_SPF_SOFTFAIL X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.13259 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 BSF_SPF_SOFTFAIL Custom Rule SPF Softfail X-Virus-Checked: Checked by ClamAV on apache.org There has been previous discussion on replacing the external dependency = on MiniZip. One thing to be careful about is the fact that these "simple" = implementations, and simpler replacements, can be too simple. We'll = need to be vigilant about exposures to crafted exploits and also to how = detected errors are handled in a resilient fashion. This is a timely reminder: = . I think, in the long run, it should be possible to slide in an = implementation of DCF, the ISO Document Container Profile of the PKWARE = Zip specification. This is oriented specifically to the use of Zip as a = document container in cross-platform interchange (rather than a way of = moving archives of file sets from one computer to another). This should = accomodate for OPC (in OOXML and elsewhere), ODF, and ePUB without = difficulty. =20 I'm not clear, at this point, when DCF will appear and how available it = will be. - Dennis