Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 785F111C74 for ; Thu, 28 Aug 2014 19:22:31 +0000 (UTC) Received: (qmail 28308 invoked by uid 500); 28 Aug 2014 19:22:30 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 28266 invoked by uid 500); 28 Aug 2014 19:22:30 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 28254 invoked by uid 99); 28 Aug 2014 19:22:30 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2014 19:22:30 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sebbaz@gmail.com designates 209.85.212.182 as permitted sender) Received: from [209.85.212.182] (HELO mail-wi0-f182.google.com) (209.85.212.182) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2014 19:22:05 +0000 Received: by mail-wi0-f182.google.com with SMTP id z2so1448065wiv.15 for ; Thu, 28 Aug 2014 12:22:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ZDAq0BHx6/xWy2lUYj7UKptdbu8uCtVWPfBH1yNJw00=; b=b5b8ujZCRq5JLVy+OWcwuffLNNktg4BiNnFVnswSgbMzCM7J2e2SJcog4k8NhFTEFp 5dvfWfYLEGDhVGbtJRz/RWF9e6Z28xFxVsMYxowqH4D/NVe/EQ7uMkzoJ5f5HRIZExwB MvFQNs0ZahjT3qgIQrEd3YjTv54jY84HJLM9QgoDwadECwww7buofwJ3pQ0j/YC4apnn NvhVerMDusnMelzEs6/H2xw+bFsz8r73byW+F8yDzn1gxkL4AFwsjxAUTIQ1HBmNuCfa /WtllF0zP4OWKJPAjlKuEtmy8O1d+lkP0pE2fpvpBySBv6Qq8bkkdHiyiD+vAcvrwZPt VG5Q== MIME-Version: 1.0 X-Received: by 10.194.77.243 with SMTP id v19mr7909255wjw.18.1409253724497; Thu, 28 Aug 2014 12:22:04 -0700 (PDT) Received: by 10.194.162.231 with HTTP; Thu, 28 Aug 2014 12:22:04 -0700 (PDT) In-Reply-To: <53FF8097.6070002@apache.org> References: <7523C7C4-57DF-4788-9FE6-9EC32E1565D4@webweaving.org> <1407946481.19147.6.camel@ubuntu> <1408088529.3857.7.camel@ubuntu> <61F7BA1C-AE91-4ADE-A2BA-2B741D342E4B@webweaving.org> <1408095242.5749.4.camel@ubuntu> <7DDFAB5F-B4E1-4720-A7F0-FC63ED4C9B2D@webweaving.org> <1408103128.7084.0.camel@ubuntu> <53EDFDAE.4020106@apache.org> <1408354584.17162.5.camel@ubuntu> <6720030B-70C7-4364-AAC6-F1E37F0573D2@webweaving.org> <1408627601.28732.4.camel@ubuntu> <10129193-0E8A-44C9-9097-4D1AC1741029@webweaving.org> <1409217604.26571.10.camel@ubuntu> <1409253104.1368.0.camel@ubuntu> <53FF8097.6070002@apache.org> Date: Thu, 28 Aug 2014 20:22:04 +0100 Message-ID: Subject: Re: [Legal] publicsuffix.org test data; was Re: CVE-2014-3577 postmortem From: sebb To: HttpComponents Project Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org On 28 August 2014 20:18, Asankha C. Perera wrote: > On 08/29/2014 12:41 AM, Oleg Kalnichevski wrote: >> >> On Thu, 2014-08-28 at 16:51 +0100, sebb wrote: >>> >>> On 28 August 2014 10:20, Oleg Kalnichevski wrote: >>>> >>>> On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote: >>>>> >>>>> Op 21 aug. 2014, om 15:26 heeft Oleg Kalnichevski >>>>> het volgende geschreven: >>>>> >>>>>> I have pretty much completely rewritten every bit of code related to >>>>>> hostname verification in SVN trunk. >>>>>> >>>>>> >>>>>> https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl >>>>>> >>>>>> I would truly appreciate someone doing a peer review of the changes >>>>>> and / or giving me feedback with regards to further improvements. >>>>> >>>>> Looks good. Couple of thoughts >>>>> >>>>> - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN >>>>> >>>>> My guess is that longer term you will get too many specials - and the >>>>> end game is parsing something like https://publicsuffix.org/ and >>>>> specifically >>>>> >>>>> https://publicsuffix.org/list/effective_tld_names.dat >>>>> >>>> Folks >>>> >>>> It turns out that we already have a substantial amount of code for >>>> publicsuffix.org support in our 'cookie' module. It was contributed by >>>> Ortwin 'Odi' Glueck some while ago. >>>> >>>> I would like to enhance the existing implementation and also extend its >>>> test coverage. >>>> >>>> There is a set of test scenarios distributed by Mozilla, which I would >>>> like to re-use >>>> >>>> >>>> http://mxr.mozilla.org/mozilla-central/source/netwerk/test/unit/data/test_psl.txt?raw=1 >>>> >>>> It is distributed as Creative Commons zero copyright. We can incorporate >>>> those test scenarios. Do we need to add attribution clause to our NOTICE >>>> and Zero Copyright license to our LICENSE file? >>>> >>>> What do you think? >>> >>> The rule for adding stuff to NOTICE is here: >>> >>> http://www.apache.org/legal/resolved.html#required-third-party-notices >>> >>> What is the exact wording of the license used by Mozilla? >>> Is there a URL for it? >>> >> The license can be found here: >> >> http://creativecommons.org/publicdomain/zero/1.0/ > > I think it would be safer to add to NOTICE and LICENSE files NOTICE is for _required_ attributions only. NOTICE has to be passed on to downstream consumers so must be as short as possible. > regards > asankha > > -- > Asankha C. Perera > AdroitLogic, http://adroitlogic.org > > http://esbmagic.blogspot.com > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > For additional commands, e-mail: dev-help@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org