Hi! Ludovic Courtès <[email protected]> writes:
> Giovanni Biscuolo <[email protected]> skribis: > >> The details are published here: https://www.trojansource.codes/ > > [...] > >> Is there a way for "guix lint" to check for the listed (other?) >> "dangerous" codepoints and warn code reviewers? > > That would be an expensive operation since that means unpacking the > source and reading each and every file. ‘guix lint’ usually does > inexpensive checks. [...] >> Is it possible for the Guix community to start a coordinated effort to >> analyze all the source code (ever?!?) published in out git repo to check >> for the presence of this attack? > > That sounds unreasonable to me. OK, thanks all for your replies! [...] Ciao, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures
signature.asc
Description: PGP signature
