Re: [Bug-wget] Overly permissive hostname matching

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Overly permissive hostname matching

From:	Daniel Kahn Gillmor
Subject:	Re: [Bug-wget] Overly permissive hostname matching
Date:	Wed, 19 Mar 2014 12:11:19 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.2.0

On 03/19/2014 11:55 AM, Jeffrey Walton wrote:
> Also, be careful of where you are pulling the list from. I got burned
> by pulling a list that was not being updated
> (https://bugzilla.mozilla.org/show_bug.cgi?id=968064).

i've been similarly burned before too, but i settled on the mxr address
i just posted after trying a few other places.

> The Mozilla folks state the canonical list is at
> http://publicsuffix.org/list/effective_tld_names.dat. See Comment 11
> at https://bugzilla.mozilla.org/show_bug.cgi?id=968064#c11.

i just followed up there to point out that the canonical location for
the data needs to have some form of cryptographic integrity mechanism.
thanks for pointing that out.

        --dkg

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Bug-wget] Overly permissive hostname matching, (continued)

Prev by Date: Re: [Bug-wget] Overly permissive hostname matching
Next by Date: Re: [Bug-wget] Overly permissive hostname matching
Previous by thread: Re: [Bug-wget] Overly permissive hostname matching
Next by thread: Re: [Bug-wget] Overly permissive hostname matching
Index(es):
- Date
- Thread