Re: [PATCH] tar bombs and muscle

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] tar bombs and muscle

From:	Pjotr Prins
Subject:	Re: [PATCH] tar bombs and muscle
Date:	Sun, 17 Jan 2016 13:45:50 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

On Sun, Jan 17, 2016 at 10:30:56AM +0100, Mathieu Lirzin wrote:
> Hi,
> 
> Ben Woodcroft <address@hidden> writes:
> 
> > There is a somewhat popular bioinformatics program muscle whose
> > download tgz is a tar bomb. The bomb moniker seems especially
> > appropriate here, since it made the gnu-build-system error out, and
> > patching gnu-build-system requires a lot of rebuilding. In the
> > attached patches
> 
> IMO distributing a tar bomb is a bug, So I would prefer Guix not to work
> around it silently.  If it is rare, replacing the unpack phase manually
> should be enough.  However If it is common, we could add a procedure in
> (guix build utils) to avoid repetition of the same chunk of code.

It is rare these days.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/16
- Re: [PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/16
  - Re: [PATCH] tar bombs and muscle, Mathieu Lirzin, 2016/01/17
    - Re: [PATCH] tar bombs and muscle, Pjotr Prins <=
- Re: [PATCH] tar bombs and muscle, Eric Bavier, 2016/01/16
  - Re: [PATCH] tar bombs and muscle, Ben Woodcroft, 2016/01/17
- Re: [PATCH] tar bombs and muscle, Ricardo Wurmus, 2016/01/17

Prev by Date: Re: [PATCH] tar bombs and muscle
Next by Date: Re: [PATCH] gnu: boost: Enable tests.
Previous by thread: Re: [PATCH] tar bombs and muscle
Next by thread: Re: [PATCH] tar bombs and muscle
Index(es):
- Date
- Thread