<quote who="W. Borgert" date="Wed, Jun 29, 2005 at 01:54:02PM +0200">
> Quoting "Benj. Mako Hill" <[EMAIL PROTECTED]>:
> > AIUI, XSL is quite powerful and can do some pretty invasive things on
> > a system, right? It is absolutely wrong to import code, untested and
> > unchecked, from the Internet and run it on a user's machine without
> > asking them or even telling them. You can't trust code off the network.
> 
> Yes, yes, yes, and yes :-)
> 
> That's why we have XML catalogs in Debian and why users should
> not use an XSLT processor that is not XML catalog aware.  We
> have at least four XSLT processors in Debian, of which three
> - AFAIK - do handle XML catalogs: saxon, xalan, xsltproc.
> Only sablotron does not, IIRC, so we have to file a bug there.
> 
> > This behavior is *extremely* inconvenient for people working offline
> > and dangerous for people working online. This package can have the
> > correct dependencies so that it just works.
> 
> Again, yes and yes :-)
> 
> BTW, I always use 'xsltproc --nonet' - if the catalog does not
> work, one gets an error instead of an unwanted net access.
> I don't know whether saxon and xalan have similar options.
> 
> Mark, did you look at my patch?  It's only four lines plus
> we have to add a symlink and one logo graphics file.

FWIW, I submitted this patch in the past, IIRC as an NMU. It was
reverted with the move to a new upstream version, I believe.

Regards,
Mako

-- 
Benjamin Mako Hill
[EMAIL PROTECTED] | [EMAIL PROTECTED]
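
An added example, not part of the original thread or of any Debian package: a pre-flight check in the spirit of the catalog and `--nonet` discussion above, listing which `xsl:import`/`xsl:include` references in a stylesheet would go to the network because no catalog entry maps them to a local file. The catalog, stylesheet, URLs, paths and function names are constructed, and only `<uri>` and `<rewriteURI>` catalog entries are handled (no `nextCatalog` or delegation).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CAT = "{urn:oasis:names:tc:entity:xmlns:xml:catalog}"
XSL = "{http://www.w3.org/1999/XSL/Transform}"
REMOTE = ("http", "https", "ftp")
# Constructed sample catalog and stylesheet (hypothetical URLs and paths).
SAMPLE_CATALOG = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <rewriteURI uriStartString="http://docbook.example.org/xsl/current/"
              rewritePrefix="file:///usr/share/xml/example/docbook-xsl/"/>
  <uri name="http://example.org/style/common.xsl" uri="file:///usr/share/xml/example/common.xsl"/>
</catalog>"""
SAMPLE_STYLESHEET = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:import href="http://docbook.example.org/xsl/current/html/docbook.xsl"/>
  <xsl:import href="http://example.org/style/common.xsl"/>
  <xsl:include href="http://example.net/extras/logo.xsl"/>
  <xsl:include href="local-params.xsl"/>
</xsl:stylesheet>"""

def load_catalog(catalog_xml):
    # Collect <uri> (exact) and <rewriteURI> (prefix) entries; longest prefix first.
    root = ET.fromstring(catalog_xml)
    exact = {e.get("name"): e.get("uri") for e in root.iter(CAT + "uri")}
    prefixes = sorted(((e.get("uriStartString"), e.get("rewritePrefix"))
                       for e in root.iter(CAT + "rewriteURI")), key=lambda p: -len(p[0]))
    return exact, prefixes

def resolve(href, exact, prefixes):
    # Exact <uri> match takes priority, then the longest matching <rewriteURI> prefix.
    for start, rewrite in prefixes:
        if href not in exact and href.startswith(start):
            return rewrite + href[len(start):]
    return exact.get(href)  # None when the catalog has no mapping

def audit_stylesheet(stylesheet_xml, catalog_xml):
    # Classify every xsl:import / xsl:include href as local, catalog-mapped, or network.
    exact, prefixes = load_catalog(catalog_xml)
    report = {"local": [], "mapped": {}, "network": []}
    for el in ET.fromstring(stylesheet_xml).iter():
        if el.tag not in (XSL + "import", XSL + "include"):
            continue
        href = el.get("href", "")
        target = resolve(href, exact, prefixes)
        if urlparse(href).scheme not in REMOTE:
            report["local"].append(href)
        elif target is None or urlparse(target).scheme in REMOTE:
            report["network"].append(href)  # would hit the net, or fail under --nonet
        else:
            report["mapped"][href] = target
    return report
```

A non-empty `network` list means the package is missing a catalog entry or a dependency that ships the local copy.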

