pjfanning opened a new issue, #341: URL: https://github.com/apache/tooling-trusted-releases/issues/341
* You need an Apache ID to upload but someone could be careless still * Mentioned in https://github.com/apache/tooling-trusted-releases/issues/312#issuecomment-3533414271 but I think it is best to track explicitly so the req is not lost * commons-compress has a way of tracking compression ratios but you need to implement your own checks on top of these https://github.com/apache/commons-compress/blob/rel/commons-compress-1.27.1/src/main/java/org/apache/commons/compress/utils/InputStreamStatistics.java Apache POI has code that uses InputStreamStatistics to check for Zip Bombs and you could use that as a template for ATR -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
