[Rpm-maint] [rpm-software-management/rpm] spec file preprocessing on rpm level (#1472)

Michal Novotný notifications at github.com
Fri Jan 28 17:27:38 UTC 2022


> Consider a tool that generates changelogs from user-provided input. Changelogs are not executable in any way, so even if they come from untrusted sources, it should be sufficient to ensure they are properly escaped, well-formed, and only contain printable ASCII. A preprocessor like you mentioned breaks this assumption.

I don't really understand what assumption is broken, by what way and by which tool. Can you be more specific, please or show an example?



-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1472#issuecomment-1024443861
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/1472/1024443861 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220128/1f6eb37d/attachment.html>


More information about the Rpm-maint mailing list