Follow-up Comment #4, bug #66419 (group groff): Hi Rob,
You've given me quite a bit to respond to. A comprehensive response would
take a long time, not least because I'm not certain how to proceed with
addressing all of your complaints to our mutual satisfaction.
[comment #3 comment #3:]
> Two thoughts dawned on me in the shower:
>
> = Security is part of an architecture, not part of a patch
That sounds more like a slogan than a test I can apply to a property of
_groff_ or a commit to its source code.
> = Checking for /'s should occur at an appropriate place and
> emit a reasonable error message:
> grops: Font file names may not contain a '/'
> ('download/Arial.ps' is invalid)
> Such a message would have saved 2/3 or more of my debugging time.
That's a good suggestion; I'll see if it can be done easily.
As noted in bug #64577, at least some of the difficulty here arises from
_grops_ re-using an internal library function that was designed to open *roff
font descriptions to...open things that _aren't_ *roff font descriptions. (A
PostScript Type 1 font is another type of file entirely.) I suppose the
function was already there and was seductively straightforward to use. But I
don't think it was the right choice.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66419>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
