On June 17, 2017 3:13:33 PM CDT, l...@gnu.org wrote:
>Arun Isaac <arunis...@systemreboot.net> skribis:
>
>> * Proposal
>>
>> zip bomb (zip archives without a top level directory) handling should
>> not be done in `url-fetch/zipbomb'. It should be implemented as a
>> boolean argument to the `unpack' phase.
>
>I guess the Boolean argument would determine whether to do (chdir
>(first-subdirectory ".")), right?
>
>Unfortunately that’s not enough for the cases where an origin has
>patches or a snippet, because that code also assumes there’s only one
>subdirectory (see ‘patch-and-repack’ in (guix packages)).
>
>Perhaps the right fix would be to fix ‘patch-and-repack’ somehow.

I think this would be preferable, since it means that users of 'guix build -S'
would still get "unbombed" sources.

`~Eric

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
