From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id D7AA5198005 for ; Sun, 10 Mar 2013 15:46:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5EDF2E0793; Sun, 10 Mar 2013 15:46:13 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6DC9EE075E for ; Sun, 10 Mar 2013 15:46:12 +0000 (UTC) Received: from pomiocik.lan (77-255-9-250.adsl.inetia.pl [77.255.9.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 96C1433BF20; Sun, 10 Mar 2013 15:46:10 +0000 (UTC) Date: Sun, 10 Mar 2013 16:46:41 +0100 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: gentoo-dev@lists.gentoo.org Cc: ciaran.mccreesh@googlemail.com Subject: Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions. Message-ID: <20130310164641.7dc5f6bf@pomiocik.lan> In-Reply-To: <20130310152629.78718d46@googlemail.com> References: <20130310111644.0840d935@pomiocik.lan> <1362910691-8439-1-git-send-email-mgorny@gentoo.org> <20796.28754.738984.896903@a1i15.kph.uni-mainz.de> <20796.31150.637490.654018@a1i15.kph.uni-mainz.de> <20130310121825.054383fb@googlemail.com> <20130310141959.6217437d@pomiocik.lan> <20796.36426.784707.254728@a1i15.kph.uni-mainz.de> <20130310144806.57d30603@pomiocik.lan> <20130310152629.78718d46@googlemail.com> Organization: Gentoo X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA512; boundary="Sig_/h/_ytdKDtKkomTpOqfH35QY"; protocol="application/pgp-signature" X-Archives-Salt: 1db14428-b27c-4d54-b07f-d7d7f77a4135 X-Archives-Hash: 26f1ce29e007f230ac0dce80515ff0a8 --Sig_/h/_ytdKDtKkomTpOqfH35QY Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sun, 10 Mar 2013 15:26:29 +0000 Ciaran McCreesh wrote: > On Sun, 10 Mar 2013 14:48:06 +0100 > Micha=C5=82 G=C3=B3rny wrote: > > Well, unless we're talking about a theoretical package mangler which > > intentionally uses internal, old version of bash to prove the point. >=20 > That's a good idea, maybe we'll do that. Sounds like a good way of > doing better input validation. Perhaps we could patch our internal bash > to make it easier to catch certain other errors too. Please don't forget to bundle a few rootkits inside, so your users won't have to wait for security issues to be found in the ye ol' bash version you'll use. --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/h/_ytdKDtKkomTpOqfH35QY Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQJ8BAEBCgBmBQJRPKrhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1RUJGMjBGOTk2RkIzQzIyQ0M2RkNBNDBC QUJGMUQ1RkY4QzgxMTBBAAoJELq/HV/4yBEKjM4P+wfBYFiD7sMSRWE8q3yDMorf 5chlCU5f/5ocviKFKK2jyFlmoBJPNB8CiR4fhKJOqmaJYSJTI1SWZl/BysataYqs 1qrcR9KmX1+xIQchB2vKfHMFztVWNiZZY8bekW89EOLANcObpYVOlWw+gtLD7lR+ z9GmEfYe3Zbd93MWPoiomyh3IA/eDtq/EfyJVOxrivFlZv9jeZOex9fTqIf/tLOu 3US7diKn2DoYODlJpc0QYqNhLz4OflPkFNSX52GRhWSokl7AVSEYOTj3lEbZ/W/a NgVUpJ/bEhjGkHwD1c4C7Al2M/6Z+qTQbRuUX31wPSo/p0M7Ql6mhTgFrNLoaL2/ WaRLrlzicLxAoojv4OQzEQN3hqgdd3MACCpUJ2oxN9i5XX93s5cMJ8avBJrTUkVn In/HnZ4rN+8exUQqBkLGtZTRhGNPHgp0/+17UyL+b9M3WiqSruWpCThf4tAc1K49 OXYbuu7t5xfRDaR50LzoMYsF+2kzMxvrBoLiisBcAAhgtK8aqDFF2CHw44C7yTaV iAKVIn4NYleIGXQUdV/RoBhvnFhg/GzdGGVLsHxUVhco2a3AWKIuSoFOmDNqgyQ6 v55pw6lsHlbjdFp5FnCzsR2TzVyfNWJ+zlnzUBvm9sKEvT/4qn5FIlJt0r2+iaUR WLB/V7dos0VALu4VPwtD =xahw -----END PGP SIGNATURE----- --Sig_/h/_ytdKDtKkomTpOqfH35QY--