From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Jean Abou Samra <jean@abou-samra.fr>
Newsgroups: gmane.lisp.guile.user
Subject: Re: 64-bit Guile on Windows
Date: Wed, 6 Jul 2022 18:33:36 +0200
Message-ID: <54dc525c-9aaa-edc3-5f75-3b6fb8a65975@abou-samra.fr>
References: <m2fsjqus4y.fsf@twistedwave.com>
 <adb9c207-777f-5b74-c026-aaa3661cb582@abou-samra.fr>
 <6791233a2e66404803e97de8efb7ec6b9f77a174.camel@telenet.be>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="7883"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.11.0
Cc: Jonas Hahnfeld <hahnjo@hahnjo.de>
To: Maxime Devos <maximedevos@telenet.be>, guile-user@gnu.org
Original-X-From: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org Wed Jul 06 18:34:16 2022
Return-path: <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>
Envelope-to: guile-user@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>)
	id 1o97yi-0001qE-Hb
	for guile-user@m.gmane-mx.org; Wed, 06 Jul 2022 18:34:16 +0200
Original-Received: from localhost ([::1]:35264 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>)
	id 1o97yg-00017m-T3
	for guile-user@m.gmane-mx.org; Wed, 06 Jul 2022 12:34:14 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:46628)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jean@abou-samra.fr>)
 id 1o97yA-00017c-EH
 for guile-user@gnu.org; Wed, 06 Jul 2022 12:33:42 -0400
Original-Received: from mout.kundenserver.de ([217.72.192.74]:34933)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jean@abou-samra.fr>)
 id 1o97y8-0005BZ-Or
 for guile-user@gnu.org; Wed, 06 Jul 2022 12:33:42 -0400
Original-Received: from [192.168.1.36] ([82.65.251.18]) by mrelayeu.kundenserver.de
 (mreue107 [212.227.15.184]) with ESMTPSA (Nemesis) id
 1MbSTX-1nbhxg2Xfd-00bvDD; Wed, 06 Jul 2022 18:33:37 +0200
Content-Language: en-US
In-Reply-To: <6791233a2e66404803e97de8efb7ec6b9f77a174.camel@telenet.be>
X-Provags-ID: V03:K1:F4SHu9WSWrGygyhw734gVIS/77fzKePGm5coN78Y9Rv5Qu0Tgj5
 Igpb+hCoJTzO9ElncCJ4LA8e9pvZnvPg0MGlzAisv4lDyGiu37wsd3vb0lW6Cv7L9ozRu7Y
 Zeez3OfzxGlCxbWW9aMWvfd7W18YeMYYlxQ8yI/n8zvav+k9r+y8qVnxyH0vRe/T3EvApgF
 OoVACxYtr5WNKWIqSktKQ==
X-UI-Out-Filterresults: notjunk:1;V03:K0:ubsNIX2W4Sk=:cbMrSXiWlkHeMEMvVbYugl
 ZKEGRgmoVEEnwheZEdWXUkvCNoxt0hC6LSy7XJAnoX2L0rSWKdcEbSixjXd8zUY6+o1Uh9A/K
 RFOmuf7BujvB7H6orZlISwCCw0Yf8Eljc7iSF8m0xtb6RkeXnik/yqBVyzMtaO0aORpYCD04i
 V0KQDcHS7UrJofBi35FwX6aPOrNXODtyzBz8rUZwjK1nvNn62/8xUKXOfP/gs81yMNacQJDCT
 TPzm/AVrPS2o5YpeDa7bp3HRmHmUERMRlsbDEjD4EvyMrDai7+0pi9fUgI7ule6eooyH1e0IS
 h7FzmXQKNddHfogH/8UCPwvHOdhn99eeGQkdjgeB9krfB5HhM481RrdgUV7pvuwIuzQISnyMp
 r1eZ67mXwf+NVZjxKNNf4ak3B8GGBtf5ZZEylFoQQcl3s5ttUKS+5Rt/TkJIg9Vy2DZOQ3L+W
 Y6uooPS7hZKmeEm6q4jP8vWhq2cY+lLho7/NIZn7XZR2ZJ3A4OnA/52XdNchSR3u4dKURMRU4
 vYGwBh8ttnVh3ge/rjLuhi3Dh2ZAHpxKtUkpRUGOjB5BpzvcR1i/bmyqmrtmgZviu/0uUK3Zs
 niJnfpQ7iAMmIr8VANOq7PM9z+t7d/4djLSQ+h1u2GKBtMgruDBg8QCsMgqEMrFIBoOxNlJBF
 KOvI2a1xJUtirs+yolHBaQTmhF521MpX1hw6uSsgIJTIOZuE6P9+E0JbOpyhKQFJBFXXjYNqq
 LJm4wfAy/+K/78KF5gYIWRSdpMT8iGnojd3LzQ==
Received-SPF: none client-ip=217.72.192.74; envelope-from=jean@abou-samra.fr;
 helo=mout.kundenserver.de
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, NICE_REPLY_A=-0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guile-user@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Guile related discussions <guile-user.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guile-user>
List-Post: <mailto:guile-user@gnu.org>
List-Help: <mailto:guile-user-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=subscribe>
Errors-To: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org
Original-Sender: "guile-user" <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.lisp.guile.user:18400
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.user/18400>

On 6/28/22 12:52, Maxime Devos wrote:
> Jean Abou Samra schreef op di 28-06-2022 om 10:38 [+0200]:
>> We had exactly the same problem at LilyPond, and this was the fix:
>>
>> https://gitlab.com/lilypond/lilypond/-/blob/master/release/binaries/lib/dependencies.py#L721
>>
> For security, shouldn't this check the hash of the downloaded tarballls
> and patches?


Sorry, I forgot to reply to this. Yes, it likely should. On the other
hand, LilyPond has a lot of much more pressing security issues to care 
about…

Jean