Hi,
This a real example :
The xbill package contains : /usr/share/gnome/help/xbill/C/xbill.xml
In this file the DTD is refered by an absolute external link :
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd";
Thus : scrollkeeper-update blindly connect to www.oasis-open.org to get
the docbookx.dtd.
I can trust signed debian packages but I can't trust
www.oasis-open.org.
More than 18 files in /usr/share/gnome/help/ induce this download.
I'am about to make bug report against scrollkeeper (for acting blindly,
and dowloading the same file more than once) and against packages that
provides the xml files (for using external DTD instead of provinding
it)...
Your opinion?
Cheers,
SEb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
