Demi Marie Obenour <demiobenour@gmail.com> writes:

> Should the values from config.nix be validated in any way?  They are
> obviously trusted, but it is very easy for the users to make mistakes
> that could cause extremely confusing problems.  For instance, the
> update patch doesn't support URLs with a query string or a fragment
> specifier.  In fact, such URLs could get mangled.  There are other
> URLs that tools like curl will accept but which will break the build.
>
> Should these be validated with regular expressions before use?
> That will result in build-time errors that at least somewhat point
> to the source of the problem, rather than mysterious build-time or
> runtime misbehavior.

Is there a way we could prevent those URLs getting mangled?

Assuming no, we don't know of anybody currently using the configuration
mechanism, so I wouldn't spend much time on it personally, but that
doesn't necessarily mean that you shouldn't.  Do it in separate patches
at least though so it doesn't hold up higher priority stuff.