Hi, On 6/13/24 22:27, Simon Josefsson wrote:
Generally I reach the same conclusion, although I think there are real security problems with both the existing and the proposed tag2upload mechanism that we should all be aware of. It is acceptable to realize that we cannot protect against all attacks with reasonable costs.
In that case it is kind of disingenuous to highlight the necessity of this change by pointing at the xz-utils scenario.
Simon
