Postponed code pushes
Olson, Arthur David (NIH/NCI)
olsona at dc37a.nci.nih.gov
Mon May 2 18:50:41 UTC 2005
Given comments about increased data file size and about storing rules in the
data files, I'm holding off on incorporating the proposed 64-bit changes in
the ftp version of the time zone package. I welcome additional comments on
these matters; in particular, is adding a "short-output" option to zic a way
of addressing the concern, and is it a good idea (given that it will slow
the spread of new-format data file)?
I'm also holding off on handling TZ strings such as "<UTC+10>-10", with
security in mind (as mentioned by other folks on the time zone mailing
list).
On the one hand, a string such as "<UTC+10>10\nX-Arbitrary-Mail-Header:
Arbitrary-Value" could be used to forge a mail header.
On the other hand, there are far easier ways forge mail headers. Is there
anything that could be done by a carefully selected TZ value that can't be
done more easily in other ways?
--ado
More information about the tz
mailing list