On Wed, Apr 01, 2020 at 10:29:58PM +0200, Bernd Edlinger wrote: >PS: I have a discovered a very serious problem with the mailing lists >that must be fixed by our overseers. > >As an example please look at this one: >https://marc.info/?l=gdb-patches&m=158571308379946&w=2 > >you see this: > >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: 0001-Fix-range-end-handling-of-inlined-subroutines.patch >Type: text/x-patch >Size: 10992 bytes >Desc: not available >URL: ><http://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin> > >So there are two serious problems here: > >1. there is a single point of failure, if sourceware.org goes down the >attachment is lost.
sourceware.org has been in operation for 20+ years. There's lots of stuff relying on it so it isn't going anywhere. And, the patch is going to be in lots of inboxes. And, if sourceware.org goes down then the main gdb and gcc source code repositories will also be unavailable. But, of course, there will be hundreds of copies of that too. But, then, none of that matters since the "scrubbing" means that the patch is not offered inline in the *sourceware archives*. You still see the patch in your inbox. So, as Joseph Myers noted, it's a mystery why marc.info is reporting that. If you want another source for your patch you can find it here: http://sourceware-org.1504.n7.nabble.com/PATCH-0-2-Line-table-is-stmt-support-td613080i20.html#a619775 It also has a download link but it's from nabble.com. So, you can rest easy knowing that there is more than one place for people to find your patch if sourceware.org goes down. >@overseeers: PLEASE STOP IMMEDIATELY THAT SCRUBBING > >can you act now, or do you need a CVE number first ? On Thu, Apr 02, 2020 at 05:35:09AM +0200, Bernd Edlinger wrote: >Regarding the overseers, they repeatedly spoke up on this list, >but all the time they use an e-mail that bounces. >I'd call that impolite. If you know how to reach them, please >make them aware of this issue, because it is a security relevant >issue. Seriously. overseers is a mailing list. You can send email to it @ either the gcc.gnu.org or sourceware.org domains. It will be read by the small number of *volunteers* who keep the site running at no cost to you. But, all of this is, as I and others have noted, a non-issue for sourceware.org / gcc.gnu.org. If you do send email there you will be told that. By me.