[ic] [interchange] Revert "Add image file check mechanism to verify file type before passing to"

Mike Heins mike at heins.com
Sat May 14 15:10:34 UTC 2016

Quoting Mike Heins (mikeh at endpoint.com):
> Quoting David Christensen (david at endpoint.com):
> > 
> > > On May 14, 2016, at 7:28 AM, Mike Heins <mike at heins.com> wrote:
> > > 
> > >>     Per discussion, this is not Interchange's responsibility.
> > >> 
> > > Since the image tag does call "mogrify", I would argue that it is the Image tag's responsibility.
> > 
> > Anyone who would update Interchange from git to fix this would already
> > have the chops to fix the root problem anyway. This is an
> > education/awareness issue, not something we should be working around.
> > We aren't rolling our own TLS layer to fix Heartbleed, for instance.
> > Why is this any different?
> Because it makes sense, for all sorts of data integrity reasons, to limit
> a program's input to that which it is intended to service. It is true that
> the spur is a security issue, but the end is noble in and of itself.
> The only downside would be a limitation of the program, which might be
> able to handle unanticipated image types, but at this point the universe
> of those types is pretty static.

I guess, also, that it would mean that Image::Size is required for the
use of ImageMagick, but that seems to be a minor and managable dependency.
Image::Size is part of Bundle Interchange these days.

Mike Heins
End Point -- Expert Internet Consulting    http://www.endpoint.com/
phone +1.765.253.4194  <mikeh at endpoint.com>

The problem with Internet quotations is that many of them
are not genuine. -- Abraham Lincoln

More information about the interchange-users mailing list