alitheg opened a new pull request, #1176: URL: https://github.com/apache/tooling-trusted-releases/pull/1176
Switch existing archive extraction to exarch and use the same `SecurityConfig` for those and quarantine extraction. Skip pre-extraction checking as it requires handling the archive without exarch, and doesn't give us anything additional to the extraction itself (provided we use the `SecurityConfig`, which we do). One thing to note: I added some tests to confirm current behaviour before changing - This raised the fact that the non-exarch extraction code skipped `._` files silently (intentionally), but quarantine doesn't. Since the only usage of that extraction code was now the sbom generator, I removed this behaviour -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
