From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 02 14:06:43 2022 Received: (at submit) by debbugs.gnu.org; 2 Aug 2022 18:06:43 +0000 Received: from localhost ([127.0.0.1]:45004 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwHz-0005R8-AT for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:06:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:37460) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwHv-0005Qy-FW for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:06:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60302) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIwHv-0005lY-1g for bug-guix@gnu.org; Tue, 02 Aug 2022 14:06:39 -0400 Received: from laurent.telenet-ops.be ([2a02:1800:110:4::f00:19]:50898) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIwHs-0007XU-O5 for bug-guix@gnu.org; Tue, 02 Aug 2022 14:06:38 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by laurent.telenet-ops.be with bizsmtp id 2i6X2800C20ykKC01i6Xm2; Tue, 02 Aug 2022 20:06:32 +0200 Message-ID: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Date: Tue, 2 Aug 2022 20:06:31 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US To: bug-guix@gnu.org From: Maxime Devos Subject: rust-brotli-sys bundles (insecure!) brotli Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------FdgYJyYuN1KS3gl4RdzwJjgR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659463592; bh=WjpfjY16KWzYc0BoaHdpbsv+USX+j8NEegZsSHonoic=; h=Date:To:From:Subject; b=AVGS3ZMR6kVJX462nRokby8YhtdlSP7C2UX78j+3O7m+rJXuKBSN1+YQ/Lyf519Z/ 7CjkRN7mAd2f2tdjQ1/DRyYacxCToM9fXyUCXjGDvsp65lUmC28YHY3Y+CkorbOIc8 AARrOTUfZ7xT/Vz/9CJ/cxYhHUZ9FQy1zCOQpmBWVDgNDI407+lDFJY2xlYLnl0tNP v6DnpcGYygSH+H/CsIqrUxcNwIvquApshSt58cQl1OxjAyo+iJROLeisD+oNfv2St0 VkwE2HB8RB1WJ8kGH3fIvfI31/fN6nkSAlkb3F21e0qsxvznICpzGB5b7fzUm11Sm8 i+Nw+Q7hNpeIg== Received-SPF: pass client-ip=2a02:1800:110:4::f00:19; envelope-from=maximedevos@telenet.be; helo=laurent.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------FdgYJyYuN1KS3gl4RdzwJjgR Content-Type: multipart/mixed; boundary="------------1F5rJeMuK2OZ5pbNsY4929IP"; protected-headers="v1" From: Maxime Devos To: bug-guix@gnu.org Message-ID: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Subject: rust-brotli-sys bundles (insecure!) brotli --------------1F5rJeMuK2OZ5pbNsY4929IP Content-Type: multipart/mixed; boundary="------------QqDbmtWET80aggGm69qd0CZl" --------------QqDbmtWET80aggGm69qd0CZl Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 SSBub3RpY2VkIHJ1c3QtYnJvdGxpLXN5cyBidW5kbGVzIGJyb3RsaTogDQo8aHR0cHM6Ly9n aXRodWIuY29tL2JpdGVteWFwcC9icm90bGkyLXJzL2Jsb2IvbWFzdGVyL2Jyb3RsaS1zeXMv YnVpbGQucnMjTDE2Pi4NCg0KVGhlIHZlcnNpb24gaXQgYnVuZGxlcyBpcyBhcHBhcmVudGx5 IGluc2VjdXJlOiANCjxodHRwczovL2dpdGh1Yi5jb20vYml0ZW15YXBwL2Jyb3RsaTItcnMv aXNzdWVzLzQ1Pg0KDQpBcyBtZW50aW9uZWQgYXQgPGh0dHBzOi8vZ2l0aHViLmNvbS9hY3Rp eC9hY3RpeC13ZWIvaXNzdWVzLzI1Mzc+LCB0aGVyZSANCmhhdmUgYmVlbiBtdWx0aXBsZSBQ UiB1cGRhdGluZyBpdCB0byBuZXcgUFIgYnV0IHRoZXkgd2VyZSBhYmFuZG9uZWQsIHNvIA0K aXQgYXBwZWFycyB3ZSBoYXZlIHRvIHJlbW92ZSBydXN0LWJyb3RsaS1zeXMgZW50aXJlbHkg KGluIGZhdm91ciBvZiANCnJ1c3QtYnJvdGxpPykgb3IgbWVyZ2Ugb25lIG9mIHRoZW0gKG9y IGJldHRlcjogdW5idW5kbGUpIHRoaW5ncyBvbiBvdXIgb3duLg0KDQpHcmVldGluZ3MsDQpN YXhpbWUuDQoNCg== --------------QqDbmtWET80aggGm69qd0CZl Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------QqDbmtWET80aggGm69qd0CZl-- --------------1F5rJeMuK2OZ5pbNsY4929IP-- --------------FdgYJyYuN1KS3gl4RdzwJjgR Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYulnpwUDAAAAAAAKCRBJ4+4iGRcl7maE AQCFW2xcjug2qdsY8yKv+Fhwqb+GTlXmjlwEsyDfeSin/wEAtbLskmuWSr53w+otxMiqtTxv4GCk Dvpx9MdX+j7+LQI= =YfaL -----END PGP SIGNATURE----- --------------FdgYJyYuN1KS3gl4RdzwJjgR-- From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 02 14:13:51 2022 Received: (at 56895) by debbugs.gnu.org; 2 Aug 2022 18:13:51 +0000 Received: from localhost ([127.0.0.1]:45024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwOs-0005cq-R5 for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:13:51 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:42402) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwOq-0005cf-8M for 56895@debbugs.gnu.org; Tue, 02 Aug 2022 14:13:48 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by albert.telenet-ops.be with bizsmtp id 2iDm2800R20ykKC06iDm7H; Tue, 02 Aug 2022 20:13:46 +0200 Message-ID: Date: Tue, 2 Aug 2022 20:13:46 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: rust-brotli-sys bundles (insecure!) brotli Content-Language: en-US From: Maxime Devos To: Nicolas Goaziou , 56895@debbugs.gnu.org References: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> In-Reply-To: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------2FE52p8ToHprwSOKgQqZEwKn" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659464027; bh=7Xy0dc72twjA/AU4Zdv1Sv0NLT+GqNWQX/iFYpXCztY=; h=Date:Subject:From:To:References:In-Reply-To; b=kRtyID5u/mpzgKXfRfYKvti+mcROfKY0mrf2ztBKjK5xv5zANeqFbp2Ogez8M0e0B bQ6M8e+3LVqTFDxOmuXCX3UE4j6GP8/xRO6jr+8fNKiUCCcPh1UxqX2nUMz5MbZX+a kStIxHWpwtAl5X6IDKqrQ77N2pU7f60ofha4y3NaRFqTAQ/uCpMjyeEdR67M0D5tqG ihb4zLdwrPMDmtK3iitW5P06qHu83LooKljTMz/2jci4qDIXDPEYYbObQ8phNx/xMe GpoZ/7cxRs1mUmfb9trGAWbGBQnfRI2xE5jsbQuzpVpXk/KD2VITpImiXLFJmH3/3w OVzyqXunbRxeQ== X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 56895 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------2FE52p8ToHprwSOKgQqZEwKn Content-Type: multipart/mixed; boundary="------------2K1YoAJBPm8rsCfhfhHHctWA"; protected-headers="v1" From: Maxime Devos To: Nicolas Goaziou , 56895@debbugs.gnu.org Message-ID: Subject: Re: rust-brotli-sys bundles (insecure!) brotli References: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> In-Reply-To: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> --------------2K1YoAJBPm8rsCfhfhHHctWA Content-Type: multipart/mixed; boundary="------------EZMD0poXjdW3GOh8m16kol15" --------------EZMD0poXjdW3GOh8m16kol15 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 RnJpZW5kbHkgcmVtaW5kZXIgdG8gdGhlIG9yaWdpbmFsIHBhdGNoIGF1dGhvciBhbmQgY29t bWl0dGVyICgqKSB0byANCmNoZWNrIGZvciBidW5kbGluZyBkdXJpbmcgcmV2aWV3Lg0KDQoo KikgDQpodHRwczovL2dpdC5zYXZhbm5haC5nbnUub3JnL2NnaXQvZ3VpeC5naXQvY29tbWl0 Lz9pZD01MmNjMTZiMzhiMWIwMWIyYmIzNTRlZDU1MTAxMjA4NTZkZTE1ZDM5DQoNCkdyZWV0 aW5ncywNCk1heGltZS4NCg== --------------EZMD0poXjdW3GOh8m16kol15 Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------EZMD0poXjdW3GOh8m16kol15-- --------------2K1YoAJBPm8rsCfhfhHHctWA-- --------------2FE52p8ToHprwSOKgQqZEwKn Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYulpWgUDAAAAAAAKCRBJ4+4iGRcl7kdH AQDAb8I/B9YRoJNqRC6AOZLc6aAdhGmG3+ovNbpLZ1nO7QD/cOXDGMVziQqLZKB+SjyEM5ak2qsx GaswsVK092wejQ4= =Z5ku -----END PGP SIGNATURE----- --------------2FE52p8ToHprwSOKgQqZEwKn--