Re: How to cope with patches sanely

* Ben Finney:

> It's no security risk to unpack a tarball, apply a patch to it via GNU
> 'patch', and examine the result.

History should tell you that this is not true. 8-) I can even understand
people who state that GNU tar should never be used to uncompress
tarballs from untrusted sources, and we therefore do not need to provide
security support for it, but this is going a bit too far for my taste.

But my point really is: Please do not use potential security issues
as arguments.  The overall situation is sufficiently bad that this can
be used to prove *anything*.
