[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: zoo: directory traversal security bug

Oleksandr Moskalenko wrote:

Having a good relationship with upstream helps immensely especially if the
maintainer doesn't know C or C++ or whatever the software is written in. Maybe
that should be in the policy, too ;)

We really should not take it to the absurd extremes.
That is true, but we do have an obligation to our users. Every DD makes mistakes. What is the chance they might upload something that contains a Trojan if they do not know the source? How would they be able to check a claim if they cannot program in the source language?


Reply to: