On 2017-10-19 20:07, Luca De Feo wrote:
There you go for something crippled! https://shattered.io/
I don't think that this is actually relevant. This attack would only work if an attacker is able to provide a specially manufactured source tarball and get it accepted by SageMath. At that point, the attacker could instead just insert arbitrary code in the source tarball.
-- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.