Announcement

**carewolf** · 29 May 2018, 05:42 PM

So people with commit access can compromise a company?

Sounds mostly like a problem for github and few others.

**brrrrttttt** · 30 May 2018, 04:49 AM

It was a problem for GitHub et. al. but they've already patched their stuff. For regular people, it's only a problem if you're in the habit of doing a recursive clone of an untrusted repo... And if you were just going to run ./configure; make; sudo make install without validating all the source... well that's an easier vector to run arbitrary code anyway.

**Palu Macil** · 30 May 2018, 09:39 AM

Originally posted by brrrrttttt View Post

It was a problem for GitHub et. al. but they've already patched their stuff. For regular people, it's only a problem if you're in the habit of doing a recursive clone of an untrusted repo... And if you were just going to run ./configure; make; sudo make install without validating all the source... well that's an easier vector to run arbitrary code anyway.

I certainly sometimes clone a repo, read all the code in an example, and then build and run the example, so I certainly am putting myself at risk, but at least I'm only doing that with projects that are at least a certain size.

**swoorup** · 01 June 2018, 09:43 AM

One of the security issue could have been fixed by Rust.

**brrrrttttt** · 03 June 2018, 12:55 AM

Originally posted by swoorup View Post

One of the security issue could have been fixed by Rust.

Or by writing correct code. There are many ways to skin a cat, some involving more hand-holding than others.

Announcement

Git Issues Batch Of New Releases To Fix Security Issues

Git Issues Batch Of New Releases To Fix Security Issues

Comment

Comment

Comment

Comment

Comment