On 03/04/19 at 11:23am, Allan McRae wrote: > On 2/3/19 8:19 pm, Allan McRae wrote: > > Deltas are broken. So much so that I would strongly recommend never > > using a delta from a repo that you did not generate yourself. In short, > > we call "system(command)", with a command that includes the name of > > a delta file, and the name of the package file before and after applying > > the delta. The name of the delta and the package files is controlled by > > the information in the repo, and could contain a malicious command to be > > run as root. > > > > We could possibly work around this, but it is a very risky piece of code > > and I believe it would be very hard to fully secure. Instead, I propose > > to remove delta support completely. > > FYI, I'll retract my statement that it would be hard to fully secure. > It is entirely possible to avoid spiking in shell code into the file > names. But I'd still be happy removing deltas.
I've wanted to remove deltas for some time just due to how poorly tested and maintained they are, so this still gets a +1 from me. You missed references to deltaratio in etc/pacman.conf and README.
