[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Autoexpanding ZIP archives?

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: 2005-12-07 19:14:03 CET

On Wed, Dec 07, 2005 at 01:01:40PM -0500, John Peacock wrote:
>
> 1) security;
> 4) did I mention security?

I think so. But as a person who mainly works in the field of security
for about 15 years, I do not yet see why such transformations should
directly imply security problems. Of course, poorly implemented
scripts could, but that's not an argument. If an attacker has access
to the repository, he could also modify source code and wait until
someone checks out, compiles, and runs it.

regards
Hadmut

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 7 19:20:56 2005

This is an archived mail posted to the Subversion Dev mailing list.