Bug#542000: Tries to load DTDs from the network
Daniel Leidert
daniel.leidert at wgdd.de
Mon Aug 17 14:27:18 UTC 2009
Florian Weimer wrote:
> * Daniel Leidert:
>
>> Xalan doesn't use the catalog system. Please simply use it to avoid
>> access to the internet.
>
> You should really change it to use the catalog system by default.
You are talking to the wrong person. I'm not responsible for Xalan nor
the chosen design of Java (upstream) packaging. JFTR: Saxon doesn't use
it too by default (ditto for XT AFAIK). People are also often complaining
about fop not using the catalogs too. I can't tell you, why this decision
has been made, so I cannot justify here and leave this decision to the
maintainer(s). However, you can easily achieve, what you requested.
>> http://www.sagehill.net/docbookxsl/UseCatalog.html#UsingCatsXalan
>>
>> I'm in favour of closing this report without any further action. You
>> discovered the intended design.
>
> The design is broken, and the resulting behavior is rude to W3C.
I know:
http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic
Maybe you want to turn off validation completely (similar to the --nonet
switch of xsltproc). But I don't know Xalan/Saxon that much to tell you,
how to do this.
Regards, Daniel
More information about the pkg-java-maintainers
mailing list