From: Stefan Sperling Subject: Re: gotsysd notification support To: Omar Polo Cc: gameoftrees@openbsd.org Date: Thu, 24 Jul 2025 08:09:46 +0200 On Thu, Jul 24, 2025 at 01:10:51AM +0200, Omar Polo wrote: > wow this is long :-) > > i probably need another read. left some nitpicks but globally i think > we want this in as soon as possible and eventually fix/address stuff in > tree. You have made some helpful suggestions, thanks! I'll incorporate the simple ones, casts and such. For the rest I would prefer to tweak things in-tree on the main branch. > the only thing that makes me a bit uncomfortable is some of the > validation we do. don't get me wrong, i love the degree of validation > that you're doing, but in a few cases (email) i think it might be a bit > too much, and just a general check that it cannot break the generated > config could be enough. but i also see the value in being more strict > upfront. I won't mind relaxing unnecessary restrictions later. Allowing additional characters later is never a problem, while taking previously allowed characters away could break existing configuration files. We could escape double-quote and backslash everywhere, instead of enforcing arbtrary rules about allowed characters. We could then even allow " in passwords, for example. I do not want to add this feature without any safety contraints for the generated gotd.conf. I deciced to start out with strict rules because I didn't want to worry about nailing the escaping of arbitrary user input 100% safely while building up the foundations for having notifications in the first place. Strict character filter rules are a bit easier to check for correctness.