http://bugzilla.opensuse.org/show_bug.cgi?id=1046197
http://bugzilla.opensuse.org/show_bug.cgi?id=1046197#c2
--- Comment #2 from Peter van Hoof ---
The first question you need to ask is whether these CVEs you refer to are
relevant here. It's not like we are decompressing some malicious email
attachment. Rather, this is compressed material coming from another instance of
rsync on a remote machine. So the source of the compressed material is known.
The situation now is that compressed rsync is not possible with older versions
of rsync. That situation will likely continue to exist for years to come until
all the old instances have disappeared. Being able to compress content over
slow lines is a VERY important feature that many people will rely on. For some
it may even be mission critical. For some it may also mean additional cost if
they are charged by the volume of data transferred... So there is a real
impact, more or less on a day-to-day basis, from not being able to compress
data.
So please consider this impact as well and keep the compression feature alive
as long as is needed.
--
You are receiving this mail because:
You are on the CC list for the bug.