[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kc-kde
Subject:    [kc-kde] Update
From:       "Timothy R. Butler" <tbutler () uninetsolutions ! com>
Date:       2002-06-03 5:42:54
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again,
  I had a small bug in my XML, please find an updated bit attached.

  -Tim

- -- 
- ----------------------------------------------------------------
Timothy R. Butler                    tbutler@uninetsolutions.com 
Universal  Networks                       http://www.uninet.info        
Christian Portal and Search Tool:       http://www.faithtree.com
Open Source Migration Guide:                  http://www.ofb.biz
============= "Christian Web Services Since 1996" ==============
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8+wHxK37Cns9gJ0gRAgP6AKCVTkWmr31+CTWuP4vKiiv2UM1kcwCcDx67
XwIVtoJnEC9u1NeZ7CqfUsk=
=GCfq
-----END PGP SIGNATURE-----

["kc 2002.06.02.xml" (text/xml)]

<section
  title="KOffice Mimetypes Submitted to IETF for Public Review"
  author="Timothy R. Butler"
  email="tbutler@uninetsolutions.com"
  subject="Draft template for registration of KOffice mimetypes"
  archive="http://lists.kde.org/?l=koffice-devel&m=102189872531684&w=2"
  posts="28"
  startdate="May 20, 2002 12:37:13 +0200"
  enddate="2002-05-26 19:24:37 +0200">

<p>Continuing his attempt to help get KDE's mimetypes registered with IANA,
<a href="mailto:Marc.Mutz@uni-bielefeld.de">Marc Mutz</a> wrote in saying:</p>

<quote who="Marc Mutz">
<p>Now that the ZIP format has arrived in KOffice, we can finally register
the KOffice mime types.</p>

<p>Please read the template thouroughly, since I intend to send it to the
ietf-types mailing list for a two-week comment period before it goes 
into the IANA registry.</p>

<p>I have changed the magic numbers from what I found in kdelibs/kio/magic
in anticipation that the new mime types will also be used internally 
(at least you already test for both app/x-kapp and app/vnd.kde.kapp in 
the source).</p>
</quote>

<p>His message continued with a generic registration that could be used for the \
various KOffice applications. Marc finished off with a question, saying, <quote \
who="Marc Mutz">Please tell me for which KOffice apps this template holds and for \
which it needs modifications.</quote> Marc's message created a flurry of responses, \
including an answer to his question from <a href="david@mandrakesoft.com">David \
Faure</a>:</p>

<quote who="David Faure">
<p>I think it applies to those, they all use the KoDocument methods for \
loading/saving: karbon, kchart, kformula, kivio, kontour, kpresenter, kspread, \
kword</p>

<p>What do we do about the apps that are not released yet?
kdatabase and kplato will surely use xml+zip, but we could register those apps
only when they exist, right?</p>

<p>Krita: will it have xml+zip as a native format, or will it only load/save images \
(jpeg, png etc.) ? Kugar doesn't appear to have an xml+zip format.</p>
</quote>

<p>After the discussion had settled, Marc wrote in again with an update:</p>

<quote who="Marc Mutz">
<p>Following is the expanded list of mime types for these KOffice apps:
kword, kspread, kpresenter, kformula, kchart, kivio, kontour, karbon</p>

<p>This public review will be not be very extensive, though, so don't count
on others doing it - do it yourself! ;-)</p>
</quote>

<p><a href="mailto:nicog@snafu.de">Nicolas Goutte</a> responded with a question \
concerning the security information included in the proposal:</p>

<quote who="Nicolas Goutte">
<p> I am sorry to be picky again!</p>

<p>"ZIP archives, XML files and supported image files"</p>

<p>Do WMF (Windows Meta Files) count as images too? What is the security status
of those</p>
</quote>

<p>A small discussion on security ensued, to which <a \
href="mailto:zander@planescape.com">Thomas Zander</a> replied:</p>

<quote who="Thomas Zander">
<p>svg/eps/wml etc are all embedded in the document (but that is optional to
begin with).  The document that uses the mime-type is a zip; so basically
you can include any executable/shell script virus in there as you want.
The statement that it does not introduce extra security concerns it therefor
complete.</p>

<p>For the people that are afraid that I am sidestepping the problem with that;
on the question of using any scripts or other possible virii like code in the
archive we keep and always will have the statement that we believe in seperation
of document-data and executable-data. We will never allow something to be
executed when it (or its container) is marked as document data.</p>
</quote>

<p>Finally, Marc wrote in saying <quote who="Marc Mutz">As you've seen, I
just sent the mime type reg's to ietf-types@iana.org for a two-week \
review.</quote></p>

</section>


_______________________________________________
kc-kde mailing list
kc-kde@mail.kde.org
http://mail.kde.org/mailman/listinfo/kc-kde

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic