On Wednesday 20 September 2006 23:34, Pascal Bleser wrote:
> Anders Johansson wrote:
> > On Wednesday 20 September 2006 23:21, Andreas Hanke wrote:
> >> Craig Millar wrote:
> >>> Guess that channel is off limits until someone either modifies the
> >>> repodata or smart is fixed. :(
> >>
> >> smart doesn't need to be fixed because it's not smart's fault.
> >
> > A program should never ever crash on bad input. Any program that does has
> > a bug and needs to be fixed.
> >
> > Of course it won't help you download packages, but it will provide nicer
> > (comprehensible) error messages, and avoid possible exploits (just about
> > all of them rely on programs crashing on bad input)
>
> Erm, sure, but if you fear the repository metadata to be abused to do
> something malicious on your box, that's the least of your problems.
>
> I could just make a new amarok, apache or whatever release in my repo
> and put a "rm -rf /" in %pre or %post
which is also why I keep telling people to only use repositories from trusted sources (and yes, you are one of them).

But it's just out of general principles. A program crashing, regardless of the reason for it, is just sloppy. It means the programmer forgot to handle a possible error source.