On Sat, Apr 08, 2017 at 08:20:45AM -0400, Ineiev wrote:
> On Sun, Mar 19, 2017 at 01:19:05PM -0400, Ineiev wrote:
> >
> > I'll need more hints to address points 3. (what more validation
> > and error checking could be used in the Perl script), 4. (I don't know
> > how we could usefully sanitize GPG input), 5. (how the 'open'
> > command should escape parameters before executing them as shell
> > commands).
>
> This is to address points 3. (more checking is added to the Perl
> script) and 5. (a check is added to make sure that key_id is
> a hexadecimal number). I still doubt we really need to run any
> checks on the provided GPG key: typical gpg usage includes
> importing keys from untrusted key servers.

I have no more amendments; if there are no further comments, I'll push it.
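
The two checks named in the thread above (key_id must be a hexadecimal number; parameters passed to 'open' must not be interpreted by a shell), as an added Perl example that is not the patch under discussion and not the project's code. The function names, the 8 to 40 digit length bound and the stand-in child command are assumptions.

```perl
#!/usr/bin/perl
# Added example (not the patch from this thread): validate a key id, then
# run a child process without a shell in between.
use strict;
use warnings;

# Accept only a hexadecimal key id with an optional 0x prefix.
# Assumption: 8 to 40 hex digits (short id up to a full fingerprint).
# \A and \z anchor the whole string, so a trailing newline or appended
# text cannot slip past the check the way it can with ^ and $.
sub valid_key_id {
    my ($id) = @_;
    return 0 unless defined $id;
    return $id =~ /\A(?:0x)?[0-9A-Fa-f]{8,40}\z/ ? 1 : 0;
}

# List-form pipe open: every element is handed to the child as one argv
# entry via exec, so no shell parses it and nothing needs escaping.
sub run_no_shell {
    my (@cmd) = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    my @out = <$fh>;
    close($fh) or die "$cmd[0] failed: status $?";
    return @out;
}

# Constructed sample inputs: two well-formed ids and three that must fail.
my @samples = ('0xDEADBEEF', '0123456789ABCDEF',
               'DEADBEEF; id', "DEADBEEF\n", 'not-hex');

for my $id (@samples) {
    (my $shown = $id) =~ s/\n/\\n/g;    # make a newline visible in output
    unless (valid_key_id($id)) {
        print "rejected: '$shown'\n";
        next;
    }
    # Stand-in child: this perl interpreter echoing its first argument.
    # A real script would name gpg and its options in this list instead.
    my @out = run_no_shell($^X, '-e', 'print "child got: $ARGV[0]\n"', $id);
    print "accepted: '$shown' -> $out[0]";
}
```

Validation and the list-form open are independent layers: the first rejects malformed ids early, the second keeps any argument from being parsed as shell syntax even if a check is later loosened.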
