hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [Legal] publicsuffix.org test data; was Re: CVE-2014-3577 postmortem
Date Thu, 28 Aug 2014 21:34:08 GMT
On 28 August 2014 20:32, Asankha C. Perera <asankha@apache.org> wrote:
> On 08/29/2014 12:49 AM, sebb wrote:
>>
>> On 28 August 2014 20:11, Oleg Kalnichevski <olegk@apache.org> wrote:
>>>
>>> On Thu, 2014-08-28 at 16:51 +0100, sebb wrote:
>>>>
>>>> On 28 August 2014 10:20, Oleg Kalnichevski <olegk@apache.org> wrote:
>>>>>
>>>>> On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote:
>>>>>>
>>>>>> Op 21 aug. 2014, om 15:26 heeft Oleg Kalnichevski <olegk@apache.org>
>>>>>> het volgende geschreven:
>>>>>>
>>>>>>> I have pretty much completely rewritten every bit of code related
to
>>>>>>> hostname verification in SVN trunk.
>>>>>>>
>>>>>>>
>>>>>>> https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl
>>>>>>>
>>>>>>> I would truly appreciate someone doing a peer review of the changes
>>>>>>> and / or giving me feedback with regards to further improvements.
>>>>>>
>>>>>> Looks good. Couple of thoughts
>>>>>>
>>>>>> - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN
>>>>>>
>>>>>> My guess is that longer term you will get too many specials - and
the
>>>>>> end game is parsing something like https://publicsuffix.org/ and
>>>>>> specifically
>>>>>>
>>>>>>        https://publicsuffix.org/list/effective_tld_names.dat
>>>>>>
>>>>> Folks
>>>>>
>>>>> It turns out that we already have a substantial amount of code for
>>>>> publicsuffix.org support in our 'cookie' module. It was contributed by
>>>>> Ortwin 'Odi' Glueck some while ago.
>>>>>
>>>>> I would like to enhance the existing implementation and also extend its
>>>>> test coverage.
>>>>>
>>>>> There is a set of test scenarios distributed by Mozilla, which I would
>>>>> like to re-use
>>>>>
>>>>>
>>>>> http://mxr.mozilla.org/mozilla-central/source/netwerk/test/unit/data/test_psl.txt?raw=1
>>>>>
>>>>> It is distributed as Creative Commons zero copyright. We can
>>>>> incorporate
>>>>> those test scenarios. Do we need to add attribution clause to our
>>>>> NOTICE
>>>>> and Zero Copyright license to our LICENSE file?
>>>>>
>>>>> What do you think?
>>>>
>>>> The rule for adding stuff to NOTICE is here:
>>>>
>>>> http://www.apache.org/legal/resolved.html#required-third-party-notices
>>>>
>>>> What is the exact wording of the license used by Mozilla?
>>>> Is there a URL for it?
>>>>
>>> The license can be found here:
>>>
>>> http://creativecommons.org/publicdomain/zero/1.0/
>>
>> That's not actually the license, nor does the link to the full text
>> appear to be the text of the license.
>>
>> I was after the link to the license details on the Mozilla site.
>
> I think that is the legal text.. but for the NOTICE file we could possibly
> use just the following two lines to keep it short?
>
>
> // Any copyright is dedicated to the Public Domain.
> // http://creativecommons.org/publicdomain/zero/1.0/
>

That would not be sufficient, as it is not clear to what the lines refer.

However, we should not add anything to NOTICE unless it is _required_.
This does not appear to be the case here.

NOTICE is for _required_ attributions.

> asankha
>
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message