policy todo

especially considering latest ImageTragick exploit in wild
https://imagetragick.com/

diff --git a/ImageMagick.spec b/ImageMagick.spec
index ea1d2c61c82858f2185b6961839714eaa73ab861..f06a789ffd8c45c480e6a124ab1e7f7ba9379d1b 100644 (file)
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,3 +1,6 @@
+# TODO
+# - create sane default policy file:
+#   https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=26801
 #
 # Conditional build:
 # - features:
@@ -14,7 +17,7 @@
 %bcond_without graphviz        # dot module (which uses GraphViz libraries)
 %bcond_without openjpeg        # JPEG2000 module (which uses openjpeg 2 library)
 %bcond_without wmf             # WMF module (which uses libwmf library)
-# - module feautres:
+# - module features:
 %bcond_without autotrace       # Autotrace support in SVG module
 
 %define                ver     6.9.3