On Tue, 9 Nov 2021 at 21:01, Jérémy Lal <kapo...@melix.org> wrote:
> On Tue, 9 Nov 2021 at 20:55, Felix Lechner <felix.lech...@lease-up.com> wrote:
>
>> Hi Jérémy,
>>
>> On Tue, Nov 9, 2021 at 11:48 AM Jérémy Lal <kapo...@melix.org> wrote:
>> >
>> > Ok, but the potential targets are source code files, like *.c *.cpp,
>> > *.js, *.py, *.rb etc...
>>
>> It was only a stopgap measure. We held a release due to the large
>> number of false positives.

Actually only source code files need to be tested.
Others like
- .po, .pod
- .xml, .html, .xhtml, .svg, .md, .txt,
- copyright, documentation, plain text

can be ignored.
I suppose that also *.ini, *.desktop, *.toml could be ignored, but I'm not sure.
Maybe for a start, testing only high-level scripts should be done (py, js, rb).

>> Please just let me know what you would like to see, and I will change
>> it again. Have you heard from the security team?
>
> No, but as far as I can understand this CVE is difficult to evaluate.
> It's a potential threat against source code... that's about it...