summaryrefslogtreecommitdiff
path: root/doc/forum/concurrent-output_dependency_implies_compilation_of_a_lot_of_unstrusted_sources_as_root.mdwn
blob: c40b29ef12ec6f93892c3629af6ac1a4b045a4b3 (plain)
1
2
3
The recent dependency on concurrent-output adding implies downloading, compiling, and executing as root of many (MissingH, hslogger, process, unix-compat, network, directory, ansi-terminal, unix, ...)  unstrusted sources. This seems like a huge security problem...

Are these at least downloaded using https?