On Mon, 21 Feb 2011 14:50:39 +0100 Lukas Fleischer <[email protected]> wrote:
> The only issue that might affect the end users as well is "ZIP bombs". > Most users will probably notice such a thing before it is entirely > extracted, just interrupt tar(1)/gzip(1) and send a removal request to > aur-general, however. hmmm. some good points. I guess I could try the suggested approach and see how I like it. However, now that you bring up the "zip bombs", do you think it's feasible to scan for them serverside without compromising security and/or making things needlessly complicated? it would be useful for clients if that one aspect could be filtered out in advance. Dieter
