Re: [PATCH] tar bombs and muscle

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] tar bombs and muscle

From:	Mathieu Lirzin
Subject:	Re: [PATCH] tar bombs and muscle
Date:	Sun, 17 Jan 2016 10:30:56 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Hi,

Ben Woodcroft <address@hidden> writes:

> There is a somewhat popular bioinformatics program muscle whose
> download tgz is a tar bomb. The bomb moniker seems especially
> appropriate here, since it made the gnu-build-system error out, and
> patching gnu-build-system requires a lot of rebuilding. In the
> attached patches

IMO distributing a tar bomb is a bug, So I would prefer Guix not to work
around it silently.  If it is rare, replacing the unpack phase manually
should be enough.  However If it is common, we could add a procedure in
(guix build utils) to avoid repetition of the same chunk of code.

WDYT?

--
Mathieu Lirzin

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/16
- Re: [PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/16
  - Re: [PATCH] tar bombs and muscle, Mathieu Lirzin <=
    - Re: [PATCH] tar bombs and muscle, Pjotr Prins, 2016/01/17
- Re: [PATCH] tar bombs and muscle, Eric Bavier, 2016/01/16
  - Re: [PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/17
- Re: [PATCH] tar bombs and muscle, Ricardo Wurmus, 2016/01/17

Prev by Date: Re: [PATCH] tar bombs and muscle
Next by Date: Re: [PATCH] tar bombs and muscle
Previous by thread: Re: [PATCH] tar bombs and muscle
Next by thread: Re: [PATCH] tar bombs and muscle
Index(es):
- Date
- Thread