tor 2023-08-03 klockan 15:25 +0200 skrev Nicolas George: > Tomas Härdin (12023-07-31): > > As far as I recall libxml2 does not enable the fancier features of > > XML > > unless told to do so. And if it can't disable things like DTD then > > a > > ticket should be opened with them to make that possible. > > You are missing the point: even if all these features are entirely > disabled (which we cannot be really sure), the code and data > structure > have to be designed to make them possible.
The IMF code uses libxml2 successfully already. I'm not a huge fan of IMF in lavf tbh since it borders on business logic, but at least we're leveraging existing code to support it > > It almost certainly means worse security, not better. > > I am quite sure your estimation in this is wrong. If you think libxml2's test suite is insufficient then open a ticket with them about it. As far as I can tell it is comprehensive. One improvement might be to make use of formal methods to prove code correctness. > You are not a boss directing the time of your employees towards the > task > most profitable for you. Michael is not hacking software defined > radio > to be profitable for somebody, he is having fun with it (probably > because he recently got his hands on the hardware). And I want to > write > a <foo bar="qux"> parser because it is an interesting challenge. Interesting challenges for you are maintenance burdens for everyone else, and therefore appropriating part of their time. /Tomas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
