summaryrefslogtreecommitdiff
path: root/doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sourc...
diff options
context:
space:
mode:
authorJoey Hess2016-04-13 12:39:57 -0400
committerJoey Hess2016-04-13 12:39:57 -0400
commitd9bba6bda1bb4d8b5111a42c9e33159071588d77 (patch)
tree1ea9018023c494fa69eee883044d55c95820fa9b /doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn
parent230aef7c9cc53476ac1a768f337c936308d2c930 (diff)
move to todo, and close
Diffstat (limited to 'doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn')
-rw-r--r--doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn b/doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn
new file mode 100644
index 00000000..d8493b27
--- /dev/null
+++ b/doc/todo/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn
@@ -0,0 +1,5 @@
+The recent dependency on concurrent-output adding implies downloading, compiling, and executing as root of many (MissingH, hslogger, process, unix-compat, network, directory, ansi-terminal, unix, ...) unstrusted sources. This seems like a huge security problem...
+
+Are these at least downloaded using https?
+
+> [[done]] --[[Joey]]