Re: [Rpm-maint] [rpm-software-management/rpm] Cannot import a GPG key with signatures (#1306)

2021-01-06 Thread KOLANICH
1. Lua is a terrible choice of a programming language IMHO (at least dealing with encodings in it used to be a nightmare, though IDK how it is now). Some embedded JS engine may be better. 2. If something is to be implemented in Lua, one can ask why not implement everything in Lua? Replacing a C++

[Rpm-maint] [rpm-software-management/rpm] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used (#1478)

2021-01-06 Thread Vitalio
When there is a number after T (suggested number of threads, or 0 for getncpus), the lzopen_internal() mode parser would skip one byte, and when it's at the end of the string it would then parse undesired garbage from memory, causing intermittent compression failures. Fixes: 7740d1098 (Add support
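The one-byte skip described in the commit message, as an added illustration that is not the rpm project's code: a hypothetical, simplified mode-string parser (names `lzmode`, `parse_mode_skipping` and `parse_mode_fixed` are this example's own, and the default level of 6 is an assumption). The skipping variant consumes the digits after 'T' with a loop that stops on the first non-digit, then the for loop's own increment steps over that byte; when the number is the last thing in the string, that puts the cursor past the terminator. The loop here is bounded by the string length so the overshoot is observable (`consumed` exceeds `strlen`) instead of being undefined behaviour, and a trailing flag such as "rT4w" shows the skipped byte directly: the 'w' is never seen. The fixed variant only advances while the next byte is still a digit.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of parsing a mode string such as "w9T4", "rT" or "wT16". */
struct lzmode {
    int encoding;    /* 1 = write (compress), 0 = read (decompress) */
    int level;       /* preset level 0..9; 6 assumed as the default here */
    int threads;     /* >0 explicit count, -1 = bare "T" (let the library pick), 0 = unset */
    size_t consumed; /* index where the scan stopped; > strlen(mode) means it ran past the end */
};

/* Hypothetical parser reproducing the buggy pattern: after the digits that
 * follow 'T' the index is left ON the first non-digit, and the for loop's
 * i++ then skips that byte. The scan is bounded by len so the overshoot
 * shows up in 'consumed' rather than as a read past the NUL terminator. */
static struct lzmode parse_mode_skipping(const char *mode)
{
    struct lzmode r = { 0, 6, 0, 0 };
    size_t len = strlen(mode);
    size_t i;
    for (i = 0; i < len; i++) {
        if (mode[i] == 'w') r.encoding = 1;
        else if (mode[i] == 'r') r.encoding = 0;
        else if (mode[i] >= '0' && mode[i] <= '9') r.level = mode[i] - '0';
        else if (mode[i] == 'T') {
            if (isdigit((unsigned char)mode[i + 1])) {
                r.threads = atoi(mode + i + 1);
                /* BUG: stops with i on the first non-digit (possibly the NUL),
                 * which the loop increment then steps over. */
                while (isdigit((unsigned char)mode[++i]))
                    ;
            } else {
                r.threads = -1;
            }
        }
    }
    r.consumed = i;
    return r;
}

/* Same parser with the skip removed: advance only while the NEXT byte is a
 * digit, so the loop increment lands exactly on the byte after the number. */
static struct lzmode parse_mode_fixed(const char *mode)
{
    struct lzmode r = { 0, 6, 0, 0 };
    size_t len = strlen(mode);
    size_t i;
    for (i = 0; i < len; i++) {
        if (mode[i] == 'w') r.encoding = 1;
        else if (mode[i] == 'r') r.encoding = 0;
        else if (mode[i] >= '0' && mode[i] <= '9') r.level = mode[i] - '0';
        else if (mode[i] == 'T') {
            if (isdigit((unsigned char)mode[i + 1])) {
                r.threads = atoi(mode + i + 1);
                while (isdigit((unsigned char)mode[i + 1]))
                    i++;
            } else {
                r.threads = -1;
            }
        }
    }
    r.consumed = i;
    return r;
}

int main(void)
{
    /* Constructed sample inputs: number at the end, and a flag after the number. */
    const char *samples[] = { "wT4", "rT4w", "w9T", "wT16" };
    for (size_t n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        struct lzmode b = parse_mode_skipping(samples[n]);
        struct lzmode f = parse_mode_fixed(samples[n]);
        printf("%-5s skipping: enc=%d threads=%d consumed=%zu/%zu | fixed: enc=%d threads=%d consumed=%zu\n",
               samples[n], b.encoding, b.threads, b.consumed, strlen(samples[n]),
               f.encoding, f.threads, f.consumed);
    }
    return 0;
}
```

In the real parser the scan is terminated by the NUL byte rather than a length, so stepping over that byte means the next iterations read whatever follows the string in memory, which is the intermittent failure the commit message describes.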

Re: [Rpm-maint] [rpm-software-management/rpm] Cannot import a GPG key with signatures (#1306)

2021-01-06 Thread Demi Marie Obenour
@Conan-Kudo good point on optional dependencies. That said, if we are going to make Lua mandatory, could we use it for the PGP packet parser? Lua is de-facto memory safe, so the risk of nasty security vulnerabilities is far lower, and performance should not matter for this application. And

[Rpm-maint] [rpm-software-management/rpm] Integrate with OSS-Fuzz (#1477)

2021-01-06 Thread Demi Marie Obenour
The signature verification code, and all other code that interacts with a package before the signature has been verified, is security critical. It should be fuzz tested as much as possible.