Date: Fri, 16 Nov 2012 14:03:17 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Remaining agenda for 0.9.8

On Fri, Nov 16, 2012 at 07:02:26AM -0800, Isaac Dunham wrote:
> On Fri, 16 Nov 2012 02:11:35 -0500
> Rich Felker <dalias@...ifal.cx> wrote:
>
> > > For releases that do need more testing, what would you think of rc
> > > tarballs? While git can be built with only libc as a dependency*
> > > (NO_PYTHON=1 NO_PERL=1 MSGFMT=true... if I remember right), "pull
> > > from git" does still limit your audience.
> >
> > The old gitweb had a "download tarball" link. I don't think cgit has
>
> BTW, I hope you've updated cgit recently: there's a command
> execution bug that was recently fixed (as well as another security
> issue). The attack vector is malicious repositories.

If the repository had malicious commits injected into it, that would
be considerably worse than somebody obtaining limited access on the
webserver. :-) But I will go ahead and upgrade it soon anyway.

Rich