Ack on the upstream repository notes. I've turned on GitHub Security Advisories and will hopefully get a `SECURITY.md` file included by EOD.
On the usage of `exec.Command` for stuff like `cp` and `mkdir`, just as a note, even though it isn't an issue, we've had issues with the Go standard library options for these operations bypassing fake root in build environments. On the notes about the server, indeed we do treat reports as "untrusted" when they come in and do our best to sanitize them. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2118794 Title: [MIR] ubuntu-insights To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-insights/+bug/2118794/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
