hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asankha C. Perera" <asan...@apache.org>
Subject Re: [Legal] publicsuffix.org test data; was Re: CVE-2014-3577 postmortem
Date Thu, 28 Aug 2014 19:18:47 GMT
On 08/29/2014 12:41 AM, Oleg Kalnichevski wrote:
> On Thu, 2014-08-28 at 16:51 +0100, sebb wrote:
>> On 28 August 2014 10:20, Oleg Kalnichevski <olegk@apache.org> wrote:
>>> On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote:
>>>> Op 21 aug. 2014, om 15:26 heeft Oleg Kalnichevski <olegk@apache.org>
het volgende geschreven:
>>>>
>>>>> I have pretty much completely rewritten every bit of code related to
>>>>> hostname verification in SVN trunk.
>>>>>
>>>>> https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl
>>>>>
>>>>> I would truly appreciate someone doing a peer review of the changes
>>>>> and / or giving me feedback with regards to further improvements.
>>>> Looks good. Couple of thoughts
>>>>
>>>> - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN
>>>>
>>>> My guess is that longer term you will get too many specials - and the end
game is parsing something like https://publicsuffix.org/ and specifically
>>>>
>>>>        https://publicsuffix.org/list/effective_tld_names.dat
>>>>
>>> Folks
>>>
>>> It turns out that we already have a substantial amount of code for
>>> publicsuffix.org support in our 'cookie' module. It was contributed by
>>> Ortwin 'Odi' Glueck some while ago.
>>>
>>> I would like to enhance the existing implementation and also extend its
>>> test coverage.
>>>
>>> There is a set of test scenarios distributed by Mozilla, which I would
>>> like to re-use
>>>
>>> http://mxr.mozilla.org/mozilla-central/source/netwerk/test/unit/data/test_psl.txt?raw=1
>>>
>>> It is distributed as Creative Commons zero copyright. We can incorporate
>>> those test scenarios. Do we need to add attribution clause to our NOTICE
>>> and Zero Copyright license to our LICENSE file?
>>>
>>> What do you think?
>> The rule for adding stuff to NOTICE is here:
>>
>> http://www.apache.org/legal/resolved.html#required-third-party-notices
>>
>> What is the exact wording of the license used by Mozilla?
>> Is there a URL for it?
>>
> The license can be found here:
>
> http://creativecommons.org/publicdomain/zero/1.0/
I think it would be safer to add to NOTICE and LICENSE files

regards
asankha

-- 
Asankha C. Perera
AdroitLogic, http://adroitlogic.org

http://esbmagic.blogspot.com




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message