Re: How to cope with patches sanely

To: debian-devel@lists.debian.org
Subject: Re: How to cope with patches sanely
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 29 Feb 2008 21:30:16 +0100
Message-id: <[🔎] 871w6vqzdz.fsf@mid.deneb.enyo.de>
In-reply-to: <87ir1akvk6.fsf@benfinney.id.au> (Ben Finney's message of "Thu, 31 Jan 2008 23:51:05 +1100")
References: <87sl0i6sf0.fsf@benfinney.id.au> <20080129014103.GA16484@scowler.net> <20080130172152.GA20648@kodama.kitenet.net> <200801310919.34389.seanius@debian.org> <87ir1akvk6.fsf@benfinney.id.au>

* Ben Finney:

> It's no security risk to unpack a tarball, apply a patch to it via GNU
> 'patch', and examine the result.

History should tell you that this is not true. 8-) I can even understand
people who state that GNU tar should never be used to uncompress
tarballs from untrusted sources, and we therefore do not need to provide
security support for it, but this is going a bit too far for my taste.

But my point really is: Please do do not use potential security issues
as arguments.  The overall situation is sufficiently bad that this can
be used to prove *anything*.

Reply to:

Prev by Date: Re: mass ITPs
Next by Date: Re: How to cope with patches sanely
Previous by thread: Re: How to cope with patches sanely
Next by thread: Re: Bug#463462: ITP: libsys-lastlog-perl -- Provides a moderately Object Oriented interface to lastlog
Index(es):
- Date
- Thread