[ic] [interchange] Revert "Add image file check mechanism to verify file type before passing to"
Mike Heins
mike at heins.com
Sat May 14 15:10:34 UTC 2016
Quoting Mike Heins (mikeh at endpoint.com):
> Quoting David Christensen (david at endpoint.com):
> >
> > > On May 14, 2016, at 7:28 AM, Mike Heins <mike at heins.com> wrote:
> > >
> > >> Per discussion, this is not Interchange's responsibility.
> > >>
> > > Since the image tag does call "mogrify", I would argue that it is the Image tag's responsibility.
> >
> > Anyone who would update Interchange from git to fix this would already
> > have the chops to fix the root problem anyway. This is an
> > education/awareness issue, not something we should be working around.
> > We aren't rolling our own TLS layer to fix Heartbleed, for instance.
> > Why is this any different?
>
> Because it makes sense, for all sorts of data integrity reasons, to limit
> a program's input to that which it is intended to service. It is true that
> the spur is a security issue, but the end is noble in and of itself.
>
> The only downside would be a limitation of the program, which might be
> able to handle unanticipated image types, but at this point the universe
> of those types is pretty static.
I guess, also, that it would mean that Image::Size is required for the
use of ImageMagick, but that seems to be a minor and manageable dependency.
Image::Size is part of Bundle Interchange these days.
--
Mike Heins
End Point -- Expert Internet Consulting http://www.endpoint.com/
phone +1.765.253.4194 <mikeh at endpoint.com>
The problem with Internet quotations is that many of them
are not genuine. -- Abraham Lincoln
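
The kind of content-type check discussed in this thread, written as an added example; it is not Interchange's code or the reverted commit. The helper name `allowed_image_type`, the allowlist and the sample data are assumptions made for illustration, and only `imgsize()` from Image::Size is a real API.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Image::Size qw(imgsize);

# Assumed allowlist of Image::Size type ids; adjust to the formats a site serves.
my %ALLOWED = map { $_ => 1 } qw(GIF JPG PNG);

# Hypothetical helper: returns the detected type id when the content (not the
# file name) is an allowed image type, otherwise returns nothing. Accepts a
# path or a reference to an in-memory buffer, as imgsize() does.
sub allowed_image_type {
    my ($source) = @_;
    my ($width, $height, $id) = imgsize($source);

    # On failure the dimensions are undef and $id carries an error message.
    return unless defined $width && defined $height;
    return unless $ALLOWED{$id};
    return $id;
}

# Constructed samples: a minimal PNG header (signature plus the start of an
# IHDR chunk, 2x3 pixels) and plain text that has been named like an image.
my $png_header = "\x89PNG\x0d\x0a\x1a\x0a" . pack('N', 13) . 'IHDR' . pack('NN', 2, 3);
my $not_image  = "plain text saved as photo.jpg\n";

for my $case ([ 'png header', \$png_header ], [ 'renamed text', \$not_image ]) {
    my ($label, $data) = @$case;
    my $type = allowed_image_type($data);

    # Only input that passed the check would be handed on to mogrify.
    printf "%-13s %s\n", $label,
        defined $type ? "pass to mogrify as $type" : 'reject';
}
```

Image::Size reads only header fields, so this narrows what reaches mogrify to files that identify as an expected type; it does not validate the rest of the file.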