On Thu, Jul 24, 2025 at 01:10:51AM +0200, Omar Polo wrote:
> wow this is long :-)
> 
> i probably need another read.  left some nitpicks but globally i think
> we want this in as soon as possible and eventually fix/address stuff in
> tree.

You have made some helpful suggestions, thanks!
I'll incorporate the simple ones, casts and such. For the rest I would
prefer to tweak things in-tree on the main branch.

> the only thing that makes me a bit uncomfortable is some of the
> validation we do.  don't get me wrong, i love the degree of validation
> that you're doing, but in a few cases (email) i think it might be a bit
> too much, and just a general check that it cannot break the generated
> config could be enough.  but i also see the value in being more strict
> upfront.

I won't mind relaxing unnecessary restrictions later.
Allowing additional characters later is never a problem, while taking
previously allowed characters away could break existing configuration files.

We could escape double-quote and backslash everywhere, instead of enforcing
arbtrary rules about allowed characters. We could then even allow " in
passwords, for example.

I do not want to add this feature without any safety contraints for the
generated gotd.conf. I deciced to start out with strict rules because I
didn't want to worry about nailing the escaping of arbitrary user input
100% safely while building up the foundations for having notifications
in the first place. Strict character filter rules are a bit easier to
check for correctness.