[aur-general] AUR no more extracting source tarballs ( was: Upgraded AUR to 1.8.0)

Ionuț Bîru ibiru at archlinux.org
Mon Feb 21 17:51:32 EST 2011


On 02/22/2011 12:35 AM, Isaac Dupree wrote:
> On 02/21/11 10:54, Lukas Fleischer wrote:
>> Yes, like having two 1GB large files `tar -czf`'ed and uploading the
>> resulting tarball to the AUR. I don't think that can be detected without
>> being vulnerable to DoS attacks.
>
> What if the PKGBUILD itself is a 1GB file? For example a normal looking
> PKGBUILD followed by a billion newlines. That probably compresses pretty
> well.
>
> (/foolishly responding without reading code)
>
> -Isaac

Actually, if I remember well, somebody did that in the past.

-- 
Ionuț
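
The case raised in this thread (a small upload whose tarball or PKGBUILD expands to gigabytes) can be inspected with a hard ceiling on decompressed bytes. The sketch below is an added example, not part of the original message and not AUR code; the names `CappedGunzip`, `inspect_upload` and `make_tgz` and the size limits are assumptions chosen for illustration.

```python
import io, tarfile, zlib

class LimitExceeded(Exception):
    pass

class CappedGunzip:
    """File-like gzip reader that refuses to emit more than `limit` bytes."""
    def __init__(self, raw, limit):
        self.raw, self.limit, self.total = raw, limit, 0
        self.z = zlib.decompressobj(wbits=31)  # 31 selects the gzip container

    def read(self, _size=-1):
        # 4 KiB of deflate input expands to roughly 4 MiB at most (about 1032:1),
        # so each call uses bounded memory even on hostile input.
        while not self.z.eof:
            src = self.raw.read(4096)
            if not src:
                break
            out = self.z.decompress(src)
            self.total += len(out)
            if self.total > self.limit:
                raise LimitExceeded(f"expands past {self.limit} bytes")
            if out:
                return out
        return b""

def inspect_upload(blob, max_total=8 << 20, max_member=1 << 20):
    """Return ("ok", names) or ("rejected", reason) without unpacking to disk."""
    reader = CappedGunzip(io.BytesIO(blob), max_total)
    names = []
    try:
        # "r|" is a sequential stream: each header is seen before its data is read,
        # so an oversized PKGBUILD is refused on its declared size alone.
        with tarfile.open(fileobj=reader, mode="r|") as tar:
            for member in tar:
                if member.size > max_member:
                    return ("rejected", f"{member.name} declares {member.size} bytes")
                names.append(member.name)
    except (LimitExceeded, tarfile.TarError, zlib.error) as exc:
        return ("rejected", str(exc))
    return ("ok", names)

def make_tgz(files):
    """Build a constructed sample upload from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

The per-member check covers the "PKGBUILD followed by newlines" case from the declared header size; the total cap covers many small members or padding that add up.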