On Wednesday 20 September 2006 23:34, Pascal Bleser wrote:
Anders Johansson wrote:
On Wednesday 20 September 2006 23:21, Andreas Hanke wrote:
Craig Millar schrieb:
Guess that channel is off limits until someone either modifies the repodata or smart is fixed. :(
smart doesn't need to be fixed because it's not smart's fault.
A program should never ever crash on bad input. Any program that does has a bug and needs to be fixed.
Of course it won't help you download packages, but it will provide nicer (comprehensible) error messages, and avoid possible exploits (just about all of them rely on programs crashing on bad input)
Erm, sure, but if you fear the repository metadata to be abused to do something malicious on your box, that's the least of your problems.
I could just make a new amarok, apache or whatever release in my repo and put a "rm -rf /" in %pre or %post
which is also why I keep telling people to only use repositories from trusted sources (and yes, you are one of them) But it's just out of general principles. A program crashing, regardless of the reason for it, is just sloppy. It means the programmer forgot to handle a possible error source --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org