
mldistwatch: forbid tarbombs from being indexed

Open rjbs opened this issue 1 year ago • 3 comments

Previously, you could upload a tarball with "Foo.pm" in the root and we would index that. From now on, dists must have a top-level directory, and only that one directory.

rjbs • Apr 28 '23 08:04

Does this handle a tarball with a top level '.' directory properly?

haarg • Apr 28 '23 08:04

No! (concluded by thinking about it, not testing)

rjbs • Apr 29 '23 10:04

@rjbs, could you review and resolve conflicts?

andk • Apr 29 '23 13:04
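
The rule discussed in this thread, as an added Python example that is not PAUSE or mldistwatch code: it rejects an archive unless every member sits under exactly one top-level directory. Ignoring a leading `./` (the case raised in the first comment) is an assumption about the desired behaviour, and all function names are hypothetical.

```python
import io
import posixpath
import tarfile


def top_level_entries(names):
    """Return the set of first path components, ignoring a leading './'."""
    tops = set()
    for name in names:
        # normpath turns "./Foo-1.0/lib" into "Foo-1.0/lib" and "./" into "."
        norm = posixpath.normpath(name)
        if norm == ".":
            continue  # the bare "." directory entry adds no top-level name
        first = norm.split("/")[0]
        if norm.startswith("/") or first == "..":
            raise ValueError(f"unsafe member path: {name!r}")
        tops.add(first)
    return tops


def is_tarbomb(tar_bytes):
    """True unless all members live under one single top-level directory."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = tar.getmembers()
    tops = top_level_entries(m.name for m in members)
    if len(tops) != 1:
        return True  # empty archive, or several top-level entries
    (top,) = tops
    # A lone top-level file (e.g. just "Foo.pm") is not a directory.
    return any(posixpath.normpath(m.name) == top and not m.isdir()
               for m in members)


def make_tar(names):
    """Constructed sample input: names ending in '/' become directories."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            if name.endswith("/"):
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                data = b"1;\n"
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```
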