[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] tar bombs and muscle
From: |
Pjotr Prins |
Subject: |
Re: [PATCH] tar bombs and muscle |
Date: |
Sun, 17 Jan 2016 13:45:50 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Sun, Jan 17, 2016 at 10:30:56AM +0100, Mathieu Lirzin wrote:
> Hi,
>
> Ben Woodcroft <address@hidden> writes:
>
> > There is a somewhat popular bioinformatics program muscle whose
> > download tgz is a tar bomb. The bomb moniker seems especially
> > appropriate here, since it made the gnu-build-system error out, and
> > patching gnu-build-system requires a lot of rebuilding. In the
> > attached patches
>
> IMO distributing a tar bomb is a bug, So I would prefer Guix not to work
> around it silently. If it is rare, replacing the unpack phase manually
> should be enough. However If it is common, we could add a procedure in
> (guix build utils) to avoid repetition of the same chunk of code.
It is rare these days.