From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,UNPARSEABLE_RELAY,URIBL_GREY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 99E201F953 for ; Mon, 15 Nov 2021 00:08:57 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 89EB3120B3E; Mon, 15 Nov 2021 09:08:54 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id E6E35120B1D for ; Mon, 15 Nov 2021 09:08:52 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to; s=smtpapi; bh=pmPkUguAGrgkYKYaK56NcUxXoAWMdTsq8diCZmeKuhc=; b=DPltjGVN2ZzLR85bc+2lHWxoF4cS+ub6bAtbZj7haDFeYtbmoG1YxrTywpfqO31xatcJ 9kLT/6KO4BP5N3hzvQlBAzKpQA722c7Hjib2EayTg8hqPBoPMMeTzxbwv4H2BMRSI7ag59 40UFcUv4yfhcq2042ZXvgdBEd1+j7ZvUU= Received: by filterdrecv-55446c4d49-qzgqp with SMTP id filterdrecv-55446c4d49-qzgqp-1-6191A513-16 2021-11-15 00:08:51.251582731 +0000 UTC m=+6400123.433601495 Received: from herokuapp.com (unknown) by ismtpd0166p1iad2.sendgrid.net (SG) with ESMTP id mpxIJsvRTGimr7dJbgtRUQ for ; Mon, 15 Nov 2021 00:08:51.243 +0000 (UTC) Date: Mon, 15 Nov 2021 00:08:51 +0000 (UTC) From: duerst Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Feature X-Redmine-Issue-Id: 18336 X-Redmine-Issue-Author: duerst X-Redmine-Sender: duerst X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 82296 X-SG-EID: =?us-ascii?Q?sZFLhNnqjcW9Ht8ByfkgOQbWPVETXXFxLuf0UPwpQ=2FbXrx066LnwciY0taRhC1?= =?us-ascii?Q?++A6DTJJ4lt=2FzJkwBQUmmbJXhB+C4nQ033MjSGj?= =?us-ascii?Q?je1hQtGjOp78gCOBvTZE4ua0Rg2DN3sj9VhAlGK?= =?us-ascii?Q?I2dViZZ8e91cdNAXvt527SnJzfUb48iG6ZIWT8S?= =?us-ascii?Q?1427ODC5HzZpPkJeRhrmML=2F5nuIttohL3HzV+fm?= =?us-ascii?Q?9ZZqQhsv7cDrGlmWwbDGTEKX=2FuRBho5jLL3UxNM?= =?us-ascii?Q?g51Ym=2FxZFqRhwt5f=2Fq61A=3D=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 106055 Subject: [ruby-core:106055] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Reply-To: Ruby developers Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" SXNzdWUgIzE4MzM2IGhhcyBiZWVuIHJlcG9ydGVkIGJ5IGR1ZXJzdCAoTWFydGluIETDvHJzdCku DQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkZlYXR1cmUgIzE4 MzM2OiBIb3cgdG8gZGVhbCB3aXRoIFRyb2phbiBTb3VyY2UgdnVsbmVyYWJpbGl0eQ0KaHR0cHM6 Ly9idWdzLnJ1YnktbGFuZy5vcmcvaXNzdWVzLzE4MzM2DQoNCiogQXV0aG9yOiBkdWVyc3QgKE1h cnRpbiBEw7xyc3QpDQoqIFN0YXR1czogT3Blbg0KKiBQcmlvcml0eTogTm9ybWFsDQotLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGUgIlRvcmphbiBTb3VyY2UiIHZ1 bG5lcmFiaWxpdHkgcmVjZW50bHkgaGFzIGNhdWdodCBzb21lIGF0dGVudGlvbi4NCg0KVGhlIHZ1 bG5lcmFiaWxpdHkgaW52b2x2ZXMgdXNpbmcgY2VydGFpbiBjb21iaW5hdGlvbnMgb2YgVW5pY29k ZSBjaGFyYWN0ZXJzIHRvIGxldCBzb3VyY2UgY29kZSBsb29rIGxpa2UgaXQgaXMgY29ycmVjdCAo YW5kIHRoZXJlZm9yZSBwYXNzIGNvZGUgcmV2aWV3LC4uLikgYnV0IGFjdHVhbGx5IGRvIHNvbWV0 aGluZyBlbHNlIHRoYW4gaW50ZW5kZWQuDQoNCkZvciBiYWNrZ3JvdW5kLCBwbGVhc2Ugc2VlIGRp c2N1c3Npb24gb24gS3JlYnNvblNlY3VyaXR5IChodHRwczovL2tyZWJzb25zZWN1cml0eS5jb20v MjAyMS8xMS90cm9qYW4tc291cmNlLWJ1Zy10aHJlYXRlbnMtdGhlLXNlY3VyaXR5LW9mLWFsbC1j b2RlLykgYW5kIHRoZSBXZWIgc2l0ZSAoaHR0cHM6Ly93d3cudHJvamFuc291cmNlLmNvZGVzLykg YW5kIG9yaWdpbmFsIHBhcGVyIChodHRwczovL3d3dy50cm9qYW5zb3VyY2UuY29kZXMvdHJvamFu LXNvdXJjZS5wZGYpLg0KDQpJIGNvbnRhY3RlZCB0aGUgUnVieSBzZWN1cml0eSBsaXN0LCB3aGlj aCB3YXMgYWxyZWFkeSBhd2FyZSBvZiB0aGUgaXNzdWUsIGFuZCB3ZSBhZ3JlZWQgdG8gZGlzY3Vz cyB0aGlzIGhlcmUgYmVjYXVzZSB0aGUgdnVsbmVyYWJpbGl0eSBpcyBhbHJlYWR5IHB1YmxpYy4N Cg0KVGhlIHBhcGVyIGZvY3VzZXMgb24gdGhlIHVzZSBvZiBbQV0gRGlyZWN0aW9uYWwgRm9ybWF0 dGluZyBDaGFyYWN0ZXJzICgqMSkgaW4gc3RyaW5nIGNvbnN0YW50cywgY29tbWVudHMsIGFuZCBz aW1pbGFyIGNvbnN0cnVjdHMgdG8gY2hhbmdlIHRoZSB2aXN1YWwgYXBwZWFyYW5jZSBvZiBjb2Rl IG91dHNpZGUgdGhlc2UgY29uc3RydWN0cy4gVGhlcmUgYXJlIHJlbGF0ZWQgdnVsbmVyYWJpbGl0 aWVzLCBuYW1lbHkgdGhlIHVzZSBvZiBbQl0gbm9uLXNwYWNpbmcgKGFuZCB0aGVyZWZvcmUgbW9z dGx5IGludmlzaWJsZSkgY2hhcmFjdGVycyBlLmcuIGluIHZhcmlhYmxlIG5hbWVzLCBhbmQgdGhl IHVzZSBvZiBbQ10gbWl4ZWQtc2NyaXB0IGlkZW50aWZpZXJzLCB3aGljaCBhbHNvIGxldHMgc29t ZSB2YXJpYWJsZSBuYW1lcyBsb29rIGlkZW50aWNhbCBldmVuIGlmIHRoZXkgYXJlIG5vdC4NCg0K U29tZSBsYW5ndWFnZXMsIHN1Y2ggYXMgUnVzdCwgaGF2ZSBhZGRyZXNzZWQgW0FdIChzZWUgaHR0 cHM6Ly9ibG9nLnJ1c3QtbGFuZy5vcmcvMjAyMS8xMS8wMS9jdmUtMjAyMS00MjU3NC5odG1sKSBi eSByZXF1aXJpbmcgZXNjYXBlcyB0byBiZSB1c2VkIGZvciB0aGUgcmVsZXZhbnQgY2hhcmFjdGVy cyBpbiBzb3VyY2UuIE9uIHRoZSBvdGhlciBoYW5kLCBwZW9wbGUgc3VjaCBhcyBSdXNzIENveCB0 aGluayBjb21waWxlcnMgYXJlIHRoZSB3cm9uZyBwbGFjZSB0byBhZGRyZXNzIHRoZSBpc3N1ZTsg aXQgc2hvdWxkIGJlIGFkZHJlc3NlZCBpbiBlZGl0b3JzIGFuZCBzaW1pbGFyIHRvb2xzIChzZWUg aHR0cHM6Ly9yZXNlYXJjaC5zd3RjaC5jb20vdHJvamFuKS4gR2l0aHViIG5vdyB3YXJucyBhYm91 dCANCg0KVGhlIHF1ZXN0aW9uIGlzIHdoYXQgUnVieSBzaG91bGQgZG8sIGlmIGFueXRoaW5nLg0K QWRkcmVzc2luZyBbQV0gc2ltaWxhciB0byBob3cgUnVzdCBkb2VzIGl0IGNhbiBiZSBkb25lIHJl bGF0aXZlbHkgZWFzaWx5LiBJZiB0aGF0J3MgZG9uZSwgSSdkIHByZWZlciB0byBvbmx5IHJlamVj dCBpbmNvbXBsZXRlIEJpZGkgY29udHJvbCBzZXF1ZW5jZXMsIHdoaWNoIGlzIGEgYml0IG1vcmUg Y29tcGxpY2F0ZWQuIEluIHBhcnRpY3VsYXIsIHN0cmluZyBpbnRlcnBvbGF0aW9uIG5lZWRzIGEg dmVyeSBjYXJlZnVsIGFuYWx5c2lzLg0KRm9yIFtCXSwgSSdsbCBvcGVuIGEgc2VwYXJhdGUgaXNz dWUuDQpGb3IgW0NdLCB3ZSBoYXZlIGFsbCBkYXRhIGFib3V0IHNjcmlwdHMsIGJ1dCB0aGUgd2F5 IGl0J3MgY3VycmVudGx5IHN0cnVjdHVyZWQgbWFrZXMgZmluZGluZyBvdXQgd2hpY2ggY2hhcmFj dGVyIGEgc2NyaXB0IGJlbG9uZ3MgdG8gcXVpdGUgaW5lZmZpY2llbnQuDQoNCg0KKCoxKSAiRGly ZWN0aW9uYWwgRm9ybWF0dGluZyBDaGFyYWN0ZXIiIGlzIHRoZSBvZmZpY2lhbCBVbmljb2RlIHRl cm0gKHNlZSBodHRwczovL3d3dy51bmljb2RlLm9yZy9yZXBvcnRzL3RyOS8jRGlyZWN0aW9uYWxf Rm9ybWF0dGluZ19DaGFyYWN0ZXJzKS4gVGhlIHRlcm1zICJCaWRpL0JpZGlyZWN0aW9uYWwgY29u dHJvbCIgb3IgIkJpZGkvQmlkaXJlY3Rpb25hbCBjb250cm9sIGNoYXJhY3RlciIgYXJlIGFsc28g dXNlZC4gT3ZlcmFsbCwgdGhlcmUgYXJlIDkgc3VjaCBjaGFyYWN0ZXJzLiBVbmZvcnR1bmF0ZWx5 LCBib3RoIHRoZSBwYXBlciBhbmQgS3JlYnNvblNlY3VyaXR5IHVzZSB0aGUgdGVybSAiQmlkaSBP dmVycmlkZSIsIHdoaWNoIGlzIGhpZ2hseSBtaXNsZWFkaW5nLiBUaGUgdGVybSDigJxCaWRpIE92 ZXJyaWRl4oCdIGlzIHJlc2VydmVkIGZvciB0d28gY2hhcmFjdGVycyBvbmx5Og0KTFJPLCBVKzIw MkQsIExlZnQtdG8tUmlnaHQgT3ZlcnJpZGUsIGFuZCBSTE8sIFUrMjAyRSwgUmlnaHQtdG8tTGVm dCBPdmVycmlkZSAoc2VlIFRhYmxlIDEgaW4gdGhlIHBhcGVyKS4gSXQgaXMgYWxzbyB1c2VkIGZv ciB0aGUgcGhlbm9tZW5vbiBhc3NvY2lhdGVkIHdpdGggdGhlc2UgdHdvIGNoYXJhY3RlcnMsIGEg 4oCcaGFyZOKAnSBvdmVycmlkZSAoaS5lLiBhZmZlY3RpbmcgYWxsIGNoYXJhY3RlcnMgaW5jbHVk aW5nIGUuZy4gdGhlIExhdGluIGFscGhhYmV0KSwgYW5kIG1lY2hhbmlzbXMgaW4gb3RoZXIgdGVj aG5vbG9neSB0aGF0IGFjaGlldmUgdGhlIHNhbWUgKGUuZy4gdGhlIEhUTUwgYmRvIGVsZW1lbnQg KGh0dHBzOi8vaHRtbC5zcGVjLndoYXR3Zy5vcmcvI3RoZS1iZG8tZWxlbWVudCkgb3IgdGhlIOKA mGJpZGktb3ZlcnJpZGXigJkgdmFsdWUgb2YgdGhlIHVuaWNvZGUtYmlkaSBwcm9wZXJ0eSBpbiBD U1MgKGh0dHBzOi8vd3d3LnczLm9yZy9UUi9DU1MyL3Zpc3VyZW4uaHRtbCNwcm9wZGVmLXVuaWNv ZGUtYmlkaSkpLg0KDQoNCg0KDQotLSANCmh0dHBzOi8vYnVncy5ydWJ5LWxhbmcub3JnLw0K