How to continue work on std.zip
berni44
dlang at d-ecke.de
Wed Oct 23 14:54:20 UTC 2019
On Wednesday, 23 October 2019 at 09:31:04 UTC, Walter Bright
wrote:
>> Some minor stuff, like path traversal attacks, remains though.
>
> How about nailing all that stuff? Then you can put in the
> documentation for std.zip, with links to the zip bomb problems,
> that std.zip doesn't have those problems.
>
> There's no reason not to do an std.zip that's better than
> anyone else's, especially when the problems are known.
That's the plan (I have to wait for stable to be remerged back
into master though, because there's been a regression fix). I
thought of first implementing everything and going for
documentation later, but meanwhile I think, I could do the
documentation stuff in parallel with implementing, starting
(which can be done immediately) with the idea of an overview
table at the top, like Jonathan M. Davis suggests. Currently,
this would only mention zip-bombs and chameleon-files. But with
every further fix it can be extended.
More information about the Digitalmars-d
mailing list