On Fri, 2003-12-26 at 03:29, Fabio Gomes wrote: > > A file type is not determined by it's extension. The > > detection-by-extension ethos is a _hack_. > > Not a hack. IMHO, it's a matter of accuracy. Suffix matching is subject > to return wrong results on invalid input, while content sniffing is > subject to return wrong results on _valid_ input. > > This is exactly what I am pointing out at > http://lists.gnome.org/archives/nautilus-list/2003-December/msg00264.html > > A user can fix a badly-named file, but cannot fix a bug in VFS magic. There are a handful of examples of content sniffing being wrong, and these are bugs. It sounds like you have a problem mainly with the speed of bug fixing. > Not true. The origin of these vulnerabilities are not the fact of user > visually identifiyng the files as images. The problem is what I've said > above: > > 1. Windows hides the .exe > 2. Even if windows does not have the .exe, the users are able to execute > attached programs. So you're advocating that all users know what .exe means. Oh, and .pl, .py, .sh, etc etc. Yes, that's really a solution... not. Or are you advocating that we kill email functionality by disallowing the manual opening of attachments to protect the user? - Charlie -- Charles Goodwin <charlie@xxxxxxx> Member of the XWT Foundation The future of the net - www.xwt.org _______________________________________________ gnome-list mailing list gnome-list@xxxxxxxxx http://mail.gnome.org/mailman/listinfo/gnome-list
