Josh Grossman
Josh Grossman
@elarlang what are our next steps on this?
I just asked you a question there :)
Hi @hansphp, I think I understand your point. To me it is about trying to be more sophisticated in how we verify that the file is really what it says...
@SoftwareSinner I'm afraid I am not sure I understand why you want to make that change...
@elarlang I agree that how a file is served later is important but as you say we have a requirement to cover that. I also think that there is value...
I think the aim is to clarify what we mean but file content. If that ends up just being "magic bytes" then I think that is ok as it clarifies...
Hey @elarlang I understand dropping "untrusted sources" but I think we still need to be specific so how about: _Verify that files **being processed by the application** are validated to...
We need a way to be clear about the sort of files we are talking about here. We aren't just talking about every file involved in the application like code...
@elarlang what would you add to this requirement to give an example so as to make it clearer? I am not sure what you are suggesting > Verify that files...
Can you suggest how you would reword the requirements?