From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id gAFmCX1p6WK2aAAAbAwnHQ (envelope-from ) for ; Tue, 02 Aug 2022 20:14:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id cC5eCH1p6WI5tgAAG6o9tA (envelope-from ) for ; Tue, 02 Aug 2022 20:14:21 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C9AED2F615 for ; Tue, 2 Aug 2022 20:14:20 +0200 (CEST) Received: from localhost ([::1]:58444 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oIwPJ-0003jk-Qt for larch@yhetil.org; Tue, 02 Aug 2022 14:14:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33594) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIwP4-0003jN-Ca for bug-guix@gnu.org; Tue, 02 Aug 2022 14:14:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55276) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIwP4-0000EG-2S for bug-guix@gnu.org; Tue, 02 Aug 2022 14:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oIwP3-0005dP-U3 for bug-guix@gnu.org; Tue, 02 Aug 2022 14:14:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56895: rust-brotli-sys bundles (insecure!) brotli Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 02 Aug 2022 18:14:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56895 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Nicolas Goaziou , 56895@debbugs.gnu.org Received: via spool by 56895-submit@debbugs.gnu.org id=B56895.165946403121632 (code B ref 56895); Tue, 02 Aug 2022 18:14:01 +0000 Received: (at 56895) by debbugs.gnu.org; 2 Aug 2022 18:13:51 +0000 Received: from localhost ([127.0.0.1]:45024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwOs-0005cq-R5 for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:13:51 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:42402) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwOq-0005cf-8M for 56895@debbugs.gnu.org; Tue, 02 Aug 2022 14:13:48 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by albert.telenet-ops.be with bizsmtp id 2iDm2800R20ykKC06iDm7H; Tue, 02 Aug 2022 20:13:46 +0200 Message-ID: Date: Tue, 2 Aug 2022 20:13:46 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US From: Maxime Devos References: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> In-Reply-To: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------2FE52p8ToHprwSOKgQqZEwKn" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659464027; bh=7Xy0dc72twjA/AU4Zdv1Sv0NLT+GqNWQX/iFYpXCztY=; h=Date:Subject:From:To:References:In-Reply-To; b=kRtyID5u/mpzgKXfRfYKvti+mcROfKY0mrf2ztBKjK5xv5zANeqFbp2Ogez8M0e0B bQ6M8e+3LVqTFDxOmuXCX3UE4j6GP8/xRO6jr+8fNKiUCCcPh1UxqX2nUMz5MbZX+a kStIxHWpwtAl5X6IDKqrQ77N2pU7f60ofha4y3NaRFqTAQ/uCpMjyeEdR67M0D5tqG ihb4zLdwrPMDmtK3iitW5P06qHu83LooKljTMz/2jci4qDIXDPEYYbObQ8phNx/xMe GpoZ/7cxRs1mUmfb9trGAWbGBQnfRI2xE5jsbQuzpVpXk/KD2VITpImiXLFJmH3/3w OVzyqXunbRxeQ== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1659464060; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=7Xy0dc72twjA/AU4Zdv1Sv0NLT+GqNWQX/iFYpXCztY=; b=W/E+eTrB468Eyqg8qtVL9wp5NIleEcmM6opMkNmZoHRqPhJILpFlPvt7wEqAzfGNbeOAaA y7Y8GsX7qtdImDJf3NADjchCgAl6qRsgqXwWs5GCRHzowMfISyluqKV+WaFZ0SZSY6p+yV iPSxB4SOyWRWy8s47kydllQtVV3SbN3brLc9CYpv67FA01URg6KqvwPh+NzEIJwwBa/p6K rlWPt7pWTQs/g4IcnQ+9uechlnKPLUYcMAb0uIkin7Jw2dfejV/9FbG54nlUz5CCsAKIb2 CLGyWIhQtmFKpLYCfdhzlYql973qz4hNaa8FhXdbypjXZwgoIFWl3bgZrAfbdQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1659464060; a=rsa-sha256; cv=none; b=PaTwG3WNOBpX9I9lXLTr6D4oSL+f3j6xDwrSlpjeMAOwDWKUTXA3GqiLSDMoQKfZ7Ta+TE C25UnsjhUX1Utymz+V+E7NeZGN8KELtGRQz93ja1qLNacP6Sf+WGdxXRTXvJJM3dga1Zmh C+/unWwEUh8cgMfzW3huXG+Ll0+kPttvmyYGYn8jg1Xm0/5p9JMAK0JPCfJYgPW+gdWGKz BjzfuvFybWtfLTYqV8LmqYr5uywOf+yE2Dkzh6y/IvlMjP5a0i7cbujxRP3bwLKJoWghjT dUb43cNqYQal4fMqMS+d/wgrDvh7++GCkbLOtuMLBkjNCI9b2FvM6rz7nyJYKA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=kRtyID5u; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 4.88 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=kRtyID5u; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: C9AED2F615 X-Spam-Score: 4.88 X-Migadu-Scanner: scn0.migadu.com X-TUID: TQo6xb4Jv0QV This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------2FE52p8ToHprwSOKgQqZEwKn Content-Type: multipart/mixed; boundary="------------2K1YoAJBPm8rsCfhfhHHctWA"; protected-headers="v1" From: Maxime Devos To: Nicolas Goaziou , 56895@debbugs.gnu.org Message-ID: Subject: Re: rust-brotli-sys bundles (insecure!) brotli References: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> In-Reply-To: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> --------------2K1YoAJBPm8rsCfhfhHHctWA Content-Type: multipart/mixed; boundary="------------EZMD0poXjdW3GOh8m16kol15" --------------EZMD0poXjdW3GOh8m16kol15 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 RnJpZW5kbHkgcmVtaW5kZXIgdG8gdGhlIG9yaWdpbmFsIHBhdGNoIGF1dGhvciBhbmQgY29t bWl0dGVyICgqKSB0byANCmNoZWNrIGZvciBidW5kbGluZyBkdXJpbmcgcmV2aWV3Lg0KDQoo KikgDQpodHRwczovL2dpdC5zYXZhbm5haC5nbnUub3JnL2NnaXQvZ3VpeC5naXQvY29tbWl0 Lz9pZD01MmNjMTZiMzhiMWIwMWIyYmIzNTRlZDU1MTAxMjA4NTZkZTE1ZDM5DQoNCkdyZWV0 aW5ncywNCk1heGltZS4NCg== --------------EZMD0poXjdW3GOh8m16kol15 Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------EZMD0poXjdW3GOh8m16kol15-- --------------2K1YoAJBPm8rsCfhfhHHctWA-- --------------2FE52p8ToHprwSOKgQqZEwKn Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYulpWgUDAAAAAAAKCRBJ4+4iGRcl7kdH AQDAb8I/B9YRoJNqRC6AOZLc6aAdhGmG3+ovNbpLZ1nO7QD/cOXDGMVziQqLZKB+SjyEM5ak2qsx GaswsVK092wejQ4= =Z5ku -----END PGP SIGNATURE----- --------------2FE52p8ToHprwSOKgQqZEwKn--