diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-04-13 12:39:57 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-04-13 12:39:57 -0400 |
| commit | d9bba6bda1bb4d8b5111a42c9e33159071588d77 (patch) | |
| tree | 1ea9018023c494fa69eee883044d55c95820fa9b /doc/forum | |
| parent | 230aef7c9cc53476ac1a768f337c936308d2c930 (diff) | |
move to todo, and close
Diffstat (limited to 'doc/forum')
3 files changed, 0 insertions, 24 deletions
diff --git a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn b/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn deleted file mode 100644 index c40b29ef..00000000 --- a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn +++ /dev/null @@ -1,3 +0,0 @@ -The recent dependency on concurrent-output adding implies downloading, compiling, and executing as root of many (MissingH, hslogger, process, unix-compat, network, directory, ansi-terminal, unix, ...) unstrusted sources. This seems like a huge security problem... - -Are these at least downloaded using https? diff --git a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_1_683c5b754fd7922ff3193a2f8bc6fd2e._comment b/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_1_683c5b754fd7922ff3193a2f8bc6fd2e._comment deleted file mode 100644 index 39836219..00000000 --- a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_1_683c5b754fd7922ff3193a2f8bc6fd2e._comment +++ /dev/null @@ -1,14 +0,0 @@ -[[!comment format=mdwn - username="joey" - subject="""comment 1""" - date="2016-04-05T17:19:50Z" - content=""" -Yes, cabal is not secure from MITM. - -I've rethought adding that dependency so soon. I'll change back to bundling -concurrent-output in 3.0.1. - -I can force ghc to build the concurrent-output -module with -O2 as needed to get good memory use, and still let the rest of -propellor build with -O0, which was the main motivation for unbundling it. -"""]] diff --git a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_2_bd695a2e9ab90b355a71388dc6e7205d._comment b/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_2_bd695a2e9ab90b355a71388dc6e7205d._comment deleted file mode 100644 index 5c17f1bb..00000000 --- a/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root/comment_2_bd695a2e9ab90b355a71388dc6e7205d._comment +++ /dev/null @@ -1,7 +0,0 @@ -[[!comment format=mdwn - username="gueux" - subject="comment 2" - date="2016-04-05T18:41:31Z" - content=""" -great! thanks -"""]] |