dadd does not properly validate the time zone #151
Comments
|
Hi, |
|
First of all, thanks for your effort. I wouldn't warn though, I would fail. Otherwise, automated scripts will never realise that the date calculations are wrong. Even human users may be reading the result at the end and miss any warnings above. If you only want to warn, I would document that, in order to assure reliability, the caller should check that nothing gets written to stderr. Because warnings go to stderr, don't they? Another alternative would be adding a command-line option named "--strict", "--reliable" or "--consider-warnings-as-failures". |
* bug/151: fix, PEBKAC, tzmaps need lexicographic ordering test, adjust regression case to use tzmaps from local test directory hygiene, make illegible zone names fatal errors Revert "hygiene, warn about unsuccessful lookups of zones or zone associations, addresses bug #151"
|
No you're right, it's no good having low-level code interact with the user somehow. 461a944 lifts the check and handling into the tools, and makes an illegal zone a fatal error. |
|
The new patch seems fine to me. One minor thing though: I wouldn't use the backtick character |
|
Errors of the form `%s' are needed to allow locales to pick the right quoting character. |
|
OK, then the patch is fine! |
Summary: v0.4.11 of dateutils Keywords: v0.4.11 This is dateutils v0.4.11. This is a bugfix release. Bugfixes: - be strict about inputs in datetest --isvalid (hroptatyr#146) - build on Macs again (hroptatyr#107) - make illegible zone names fatal errors (hroptatyr#151) - be strict in datetest --isvalid when inputs have been specified (hroptatyr#146) - fix issue with negative days remaining after adding months in datediff (hroptatyr#153) See info page examples and/or README. # -----BEGIN PGP SIGNATURE----- # Version: GnuPG v2 # # iEYEABECAAYFAmWyMssACgkQlMmhrILJOQ4F0wCfbiWQfuERz79Mq+BNlyOw0tL6 # RkoAoItx9dPdr/1inKBukpq2McZK2QrF # =upNa # -----END PGP SIGNATURE----- # gpg: Signature made Thu Jan 25 11:07:07 2024 WEST # gpg: using DSA key 94C9A1AC82C9390E # gpg: Can't check signature: No public key
The following command "succeeds" without any hint about the erroneous time zone:
dateutils.dadd --zone=NonExistingTimeZone now +2hThe same applies to option "--from-zone".
Such a lack of validation is generally bad practice, but this is especially risky, because the time zone designations may vary from system to system. Most time zone designations are pretty stable and will usually work, but one day one will fail, and that error will probably go unnoticed.
This problem was mentioned in passing in #97.
The text was updated successfully, but these errors were encountered: