Quoting "Benj. Mako Hill" <[EMAIL PROTECTED]>: > AIUI, XSL is quite powerful and can do some pretty invasive things on > a system, right? It is absolutely wrong to import code, untested and > unchecked, from the Internet and run it on a users machine without > asking them or even telling them. You can't trust code of the network.
Yes, yes, yes, and yes :-) That's why we have XML catalogs in Debian and why users should not use an XSLT processor that is not XML catalog aware. We have at least four XSLT processors in Debian, of which three - AFAIK - do handle XML catalogs: saxon, xalan, xsltproc. Only sablotron does not, IIRC, so we have to file a bug there. > This behavior is *extremely* inconvenient for people working offline > and dangerous for people working online. This package can have the > correct dependencies so that it just works. Again, yes and yes :-) BTW, I always use 'xsltproc --nonet' - if the catalog does not work, one gets an error instead of an unwanted net access. I don't know whether saxon and xalan have similar options. Mark, did you look at my patch? It's only four lines plus we have to add a symlink and one logo graphics file. Cheers, WB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
