From: Hartmut Goebel
Subject: Re: store reference detection (was Re: JARs and reference scanning)
Date: Fri, 12 May 2017 21:54:32 +0200
Message-ID: <591612F8.40408@crazy-compilers.com>
In-Reply-To: <87inl6ht4p.fsf@netris.org>
To: Mark H Weaver, Chris Marusich
Cc: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

On 12.05.2017 at 19:39, Mark H Weaver wrote:
> It would not interfere, but it could have the effect of *hiding*
> security problems due to a failure to graft properly.
> [...]
> If we create a redundant set of references in another file, then
> problems like this could go undetected for a long time.

Reading your comments (and words like "hidden"), I assume you are referring to some compressed or otherwise unreadable data.

Please don't confuse this: We are *not* talking about compressed files, but about plain text (or stored uncompressed within e.g. a zip-file).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |