[ic] [interchange] Revert "Add image file check mechanism to verify file type before passing to"
Mike Heins
mikeh at endpoint.com
Sat May 14 14:37:11 UTC 2016
Quoting David Christensen (david at endpoint.com):
>
> > On May 14, 2016, at 7:28 AM, Mike Heins <mike at heins.com> wrote:
> >
> >> Per discussion, this is not Interchange's responsibility.
> >>
> > Since the image tag does call "mogrify", I would argue that it is the Image tag's responsibility.
>
> Anyone who would update Interchange from git to fix this would already
> have the chops to fix the root problem anyway. This is an
> education/awareness issue, not something we should be working around.
> We aren't rolling our own TLS layer to fix Heartbleed, for instance.
> Why is this any different?
Because it makes sense, for all sorts of data integrity reasons, to limit
a program's input to that which it is intended to service. It is true that
the spur is a security issue, but the end is noble in and of itself.
The only downside would be a limitation of the program, which might be
able to handle unanticipated image types, but at this point the universe
of those types is pretty static.
--
Mike Heins
End Point -- Expert Internet Consulting http://www.endpoint.com/
phone +1.765.253.4194 <mikeh at endpoint.com>
Experience is what allows you to recognize a mistake the second
time you make it. -- unknown
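
The position argued in the message above (limit the input to the types the program is meant to service before it reaches `mogrify`) can be sketched as follows. This is an added Python example, not Interchange code and not the reverted commit; the JPEG/PNG/GIF allowlist and the names `sniff_type`, `check_image` and `check_file` are assumptions made for illustration.

```python
import os

# Allowlist of raster types the caller intends to service (assumed set):
# type name -> (magic-byte prefixes, accepted file extensions).
ALLOWED = {
    "jpeg": ((b"\xff\xd8\xff",), (".jpg", ".jpeg")),
    "png": ((b"\x89PNG\r\n\x1a\n",), (".png",)),
    "gif": ((b"GIF87a", b"GIF89a"), (".gif",)),
}
HEADER_LEN = 8  # length of the longest signature above


def sniff_type(header: bytes):
    """Return the allowlisted type whose signature starts `header`, else None."""
    for name, (magics, _exts) in ALLOWED.items():
        if any(header.startswith(m) for m in magics):
            return name
    return None


def check_image(filename: str, header: bytes):
    """Decide from the name and leading bytes whether to hand the file on.

    Returns (ok, detail). Unknown content and name/content mismatches fail.
    """
    kind = sniff_type(header[:HEADER_LEN])
    if kind is None:
        return False, "content is not an allowlisted image type"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED[kind][1]:
        return False, f"extension {ext or '(none)'} does not match {kind} content"
    return True, kind


def check_file(path: str):
    """Read only the header from disk and apply check_image."""
    with open(path, "rb") as fh:
        return check_image(path, fh.read(HEADER_LEN))


# Constructed sample inputs (not taken from the thread).
SAMPLES = [
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("banner.jpg", b'<?xml version="1.0"?><svg'),        # text content, image name
    ("icon.gif", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),  # PNG content, .gif name
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_image(name, data))
```

A matching signature only shows how the file begins; the check narrows what reaches the image tool and does not establish that the rest of the file is well-formed.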