public inbox for gentoo-dev@lists.gentoo.org
From: Doug Goldstein <cardoe@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev]  Re: RFC: lzma tarball usage
Date: Thu, 08 May 2008 09:41:49 -0400
Message-ID: <4823031D.7050303@gentoo.org>
In-Reply-To: <482300F2.9030403@gentoo.org>

Doug Goldstein wrote:
> Ciaran McCreesh wrote:
>> On Thu, 08 May 2008 09:17:08 -0400
>> Doug Goldstein <cardoe@gentoo.org> wrote:
>>  
>>> It's troubling to me that projects are using lzma when its on-disk
>>> format isn't even final and the project has security issues.
>>>     
>>
>> You mean projects like 'GNU tar'?
>>
>>   
> As far as I know Ciaran, all GNU projects have switched or are in the 
> process of switching to lzma over bzip2. I believe the issue in 
> question which prompted this original e-mail was due to coreutils. But 
> I could be wrong.
Additionally, to follow myself up, I believe one of the security issues 
was execution of arbitrary data either when untarred or just 
decompressed (assuming a specially crafted lzma file).

Some of the other fun bits are lzma requires autotools but autotools are 
going to be compressed with lzma. So if we ever need to autoreconf, we 
have a chicken/egg issue.
-- 
gentoo-dev@lists.gentoo.org mailing list


