mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

forgot to add this comment

Browse source
This commit is contained in:
Joey Hess 2018-09-25 16:51:54 -04:00
parent 6134431254
commit 5ce9080d41
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
doc/todo/better_exceptions_to_annex.security.allow-unverified-downloads/comment_1_048cdb0a814ec560373d8c5c01663fab._comment Normal file
View file

@ -0,0 +1,15 @@
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2018-09-25T18:51:11Z"
content="""
Added a per-remote configuration of that.
I thought about adding something to the external special remote protocol
to let them indicate what they are not vulnerable to CVE-2018-10857.
But it only affects WORM and URL keys, which I'm reluctant to complicate the
protocol for. (It would be better perhaps to just remove those types of
keys.) And it's actually rather difficult for external special
remote authors to guarantee that is the case, since libraries they use may
change over time.
"""]]