Re: Autoexpanding ZIP archives?

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: 2005-12-07 19:14:03 CET

On Wed, Dec 07, 2005 at 01:01:40PM -0500, John Peacock wrote:
>
> 1) security;
> 4) did I mention security?

I think so. But as a person who mainly works in the field of security
for about 15 years, I do not yet see why such transformations should
directly imply security problems. Of course, poorly implemented
scripts could, but that's not an argument. If an attacker has access
to the repository, he could also modify source code and wait until
someone checks out, compiles, and runs it.

regards
Hadmut

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 7 19:20:56 2005

This message: [ Message body ]
Next message: Greg Hudson: "Re: Autoexpanding ZIP archives?"
Previous message: John Peacock: "Re: Autoexpanding ZIP archives?"
In reply to: John Peacock: "Re: Autoexpanding ZIP archives?"
Next in thread: Greg Hudson: "Re: Autoexpanding ZIP archives?"
Reply: Greg Hudson: "Re: Autoexpanding ZIP archives?"
Reply: John Peacock: "Re: Autoexpanding ZIP archives?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]