GNU bug report logs - #19479
Package manager vulnerable

Previous Next

Package: emacs;

Reported by: Kelly Dean <kelly <at> prtime.org>

Date: Thu, 1 Jan 2015 12:40:02 UTC

Severity: important

Tags: security

Full log

View this message in rfc822 format

From: Stefan Kangas <stefan <at> marxist.se>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: 19479 <at> debbugs.gnu.org
Subject: bug#19479: Package manager vulnerable
Date: Mon, 7 Sep 2020 11:11:08 -0700

Noam Postavsky <npostavs <at> gmail.com> writes:

> Stefan Kangas <stefan <at> marxist.se> writes:
>
>>> Is this a function (rather than a variable) just so it can be in the
>>> same cl-flet* as do-check?
>>
>> I'm not sure I understand; it should be a function instead of a variable
>> because there is logic in there to match `(secure-hash-algorithms)'
>> against `(package-desc-checksums pkg-desc)' and signal an error.
>
> Ah, I think had forgotten about/was confused by cl-flet's (FUNC (lambda
> ARGLIST ...)) syntax when I wrote that.  Although I suppose you could
> make it a plain variable by moving it inside do-check's lambda (not sure
> if that's an improvement)?

Sure, you could do that.  I guess it's mostly down to style, but I
personally feel like that change would make the code a little bit harder
to read here.
This bug report was last modified 4 years and 203 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.