scantor commented on PR #1205:
URL: https://github.com/apache/maven/pull/1205#issuecomment-1887424473

> > A personal project won't really work, but is there any way this can go into Woodstox or the Apache XML project or something like that?
>
> @cotowncoder ? @scantor ?

Umm. Maybe I was referenced by mistake, but I'm not sure of my relevance to this? As a maintainer of software that uses Maven itself, I certainly have "opinions" but I think you all addressed the main one, which is to turn this off by default. All I can say is, please don't ever enable this by default. Ever. I say that as somebody that's worked with XML for 25 years and has been fixing security bugs in the use of it for about 20. Maybe that's why you asked me?

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org