On 2024-04-04, Graham Leggett wrote:
> On 04 Apr 2024, at 09:15, giova...@paclan.it wrote:
>> We might have a similar issue in SpamAssassin, we have code to detect
>> anomalies in .xls and .xlsx files
>> but we do not have any way to create those files (that might contain macros)
>> in the build process.
>
> In this case testing should be moved out into a separate project, unrelated
> to the artefact being built.

I agree. This may be inconvenient for one-off contributors but should work.

> The blunt "no weird binaries in our releases" (because the weird binaries are
> kept outside the releases) is very simple to audit.

Indeed

Stefan
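
The audit the thread calls "very simple" could look like the sketch below. It is an added example, not code from any participant or from SpamAssassin: it walks a release tarball and reports every regular file that is not plain text. The magic-number table, the NUL-byte heuristic and the `pkg-1.0` sample archive are assumptions constructed for the illustration.

```python
import io
import tarfile

# Leading bytes of the spreadsheet formats named in the thread (first-pass check only).
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound file (.xls)",
    b"PK\x03\x04": "ZIP container (.xlsx)",
}


def classify(head: bytes):
    """Return a reason string if the leading bytes look binary, else None."""
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return "contains NUL bytes" if b"\x00" in head else None


def audit_release(fileobj, sniff=4096):
    """List (member name, reason) for every regular file that is not plain text."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories, links and devices carry no content to sniff
            reason = classify(tar.extractfile(member).read(sniff))
            if reason:
                findings.append((member.name, reason))
    return findings


def build_sample_release():
    """Constructed sample: a tiny source tarball with one spreadsheet fixture."""
    files = {
        "pkg-1.0/README": b"Plain text readme\n",
        "pkg-1.0/lib/Detect.pm": b"package Detect;\n1;\n",
        "pkg-1.0/t/data/macro.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16,
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_release(build_sample_release()):
        print(f"{name}: {reason}")
```

With the fixtures moved to a separate test project, an empty findings list becomes the release gate.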