mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

update

Browse source
This commit is contained in:
Joey Hess 2018-06-18 18:01:33 -04:00
parent c81b879d39
commit daac67c9b1
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/devblog/day_502__security_hole_part_4.mdwn
View file

@ -14,3 +14,9 @@ Several people I reached out to for help with special remotes have gotten
back to me, and we're discussing how the security hole may affect them and back to me, and we're discussing how the security hole may affect them and
what to do. Thanks especially to Robie Basak and Daniel Dent for their what to do. Thanks especially to Robie Basak and Daniel Dent for their
work on security analysis. work on security analysis.
Also prepared a minimal backport of the security fixes for the git-annex in
Debian stable, which will probably be more palatable to their security team
than the full 2000+ lines of patches I've developed so far.
The minimal fix is secure, but suboptimal; it prevents even safe urls from
being downloaded from the web special remote by default.