From: "wilburlo (Daniel Lo) via ruby-core"
Cc: "wilburlo (Daniel Lo)"
To: ruby-core@ml.ruby-lang.org
Reply-To: Ruby developers
Date: Mon, 21 Oct 2024 08:50:18 +0000 (UTC)
Subject: [ruby-core:119548] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability
List-Id: Ruby developers
X-Redmine-Project: ruby-master
X-Redmine-Issue-Tracker: Feature
X-Redmine-Issue-Id: 18336
X-Redmine-Issue-Author: duerst
X-Redmine-Sender: wilburlo

Issue #18336 has been updated by wilburlo (Daniel Lo).


Please consider the issue of ASCII smuggling as a potential aspect of this problem. While I don’t currently see how ASCII smuggling could be used to affect Ruby, I do believe it would be worthwhile to explore if the command "ruby -c" should implement checks to detect bi-directional characters or ASCII smuggling.

For more information, you may find this resource helpful:
* https://embracethered.com/blog/posts/2024/hiding-and-finding-text-with-unicode-tags/

----------------------------------------
Feature #18336: How to deal with Trojan Source vulnerability
https://bugs.ruby-lang.org/issues/18336#change-110164

* Author: duerst (Martin Dürst)
* Status: Feedback
----------------------------------------
The "Trojan Source" vulnerability recently has caught some attention.

The vulnerability involves using certain combinations of Unicode characters to let source code look like it is correct (and therefore pass code review,...) but actually do something else than intended.

For background, please see discussion on KrebsonSecurity (https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/) and the Web site (https://www.trojansource.codes/) and original paper (https://www.trojansource.codes/trojan-source.pdf).

I contacted the Ruby security list, which was already aware of the issue, and we agreed to discuss this here because the vulnerability is already public.

The paper focuses on the use of [A] Directional Formatting Characters (*1) in string constants, comments, and similar constructs to change the visual appearance of code outside these constructs. There are related vulnerabilities, namely the use of [B] non-spacing (and therefore mostly invisible) characters e.g. in variable names, and the use of [C] mixed-script identifiers, which also lets some variable names look identical even if they are not.

Some languages, such as Rust, have addressed [A] (see https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html) by requiring escapes to be used for the relevant characters in source. On the other hand, people such as Russ Cox think compilers are the wrong place to address the issue; it should be addressed in editors and similar tools (see https://research.swtch.com/trojan). Github now warns about

The question is what Ruby should do, if anything.
Addressing [A] similar to how Rust does it can be done relatively easily. If that's done, I'd prefer to only reject incomplete Bidi control sequences, which is a bit more complicated. In particular, string interpolation needs a very careful analysis.
For [B], I'll open a separate issue.
For [C], we have all data about scripts, but the way it's currently structured makes finding out which character a script belongs to quite inefficient.


(*1) "Directional Formatting Character" is the official Unicode term (see https://www.unicode.org/reports/tr9/#Directional_Formatting_Characters). The terms "Bidi/Bidirectional control" or "Bidi/Bidirectional control character" are also used. Overall, there are 9 such characters. Unfortunately, both the paper and KrebsonSecurity use the term "Bidi Override", which is highly misleading. The term “Bidi Override” is reserved for two characters only:
LRO, U+202D, Left-to-Right Override, and RLO, U+202E, Right-to-Left Override (see Table 1 in the paper). It is also used for the phenomenon associated with these two characters, a “hard” override (i.e. affecting all characters including e.g. the Latin alphabet), and mechanisms in other technology that achieve the same (e.g. the HTML bdo element (https://html.spec.whatwg.org/#the-bdo-element) or the ‘bidi-override’ value of the unicode-bidi property in CSS (https://www.w3.org/TR/CSS2/visuren.html#propdef-unicode-bidi)).


-- 
https://bugs.ruby-lang.org/
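
Added example, not part of the original message and not code from Ruby itself: a line-based Ruby scanner for the two checks this message raises, directional formatting characters that are left unbalanced (the "only reject incomplete Bidi control sequences" option for [A]) and Unicode tag characters (the carrier described at the linked "unicode-tags" resource). Assumptions: each line is treated as its own paragraph, matching is a strict stack rather than the full UAX #9 rules, the scanner is not token-aware, the names `scan_source`, `Finding` and `SAMPLE` are hypothetical, and the sample input is constructed.

```ruby
# Added example: a line-based scanner, not Ruby's parser and not what `ruby -c` does.
# Directional formatting characters (9 in total) split into openers and closers.
BIDI_OPENERS = {
  0x202A => :embedding, 0x202B => :embedding,   # LRE, RLE
  0x202D => :embedding, 0x202E => :embedding,   # LRO, RLO
  0x2066 => :isolate, 0x2067 => :isolate, 0x2068 => :isolate # LRI, RLI, FSI
}.freeze
BIDI_CLOSERS = { 0x202C => :embedding, 0x2069 => :isolate }.freeze # PDF, PDI
TAG_BLOCK = (0xE0000..0xE007F).freeze # Unicode "Tags" block, invisible when rendered

Finding = Struct.new(:line, :column, :kind, :codepoint)

# Returns findings for tag characters and for bidi controls that are not
# balanced within their line (assumption: one line = one paragraph; strict
# stack matching, which is simpler than the full UAX #9 rules).
def scan_source(text)
  findings = []
  text.scrub.each_line.with_index(1) do |line, lineno|
    stack = [] # openers seen so far on this line: [kind, column, codepoint]
    line.each_char.with_index(1) do |ch, col|
      cp = ch.ord
      if TAG_BLOCK.cover?(cp)
        findings << Finding.new(lineno, col, :tag_character, cp)
      elsif (kind = BIDI_OPENERS[cp])
        stack.push([kind, col, cp])
      elsif (kind = BIDI_CLOSERS[cp])
        if stack.last && stack.last[0] == kind
          stack.pop
        else
          findings << Finding.new(lineno, col, :unmatched_close, cp)
        end
      end
    end
    stack.each { |_, col, cp| findings << Finding.new(lineno, col, :unclosed_open, cp) }
  end
  findings
end

# Constructed sample input (escapes expand to the real code points).
SAMPLE = <<~SRC
  greeting = "\u2067abc\u2069"
  level = "user\u202E" # admin
  note = "ok\u{E0068}\u{E0069}"
  tail = "x\u202C"
SRC

if __FILE__ == $PROGRAM_NAME
  scan_source(SAMPLE).each do |f|
    puts format("line %d col %d: %s U+%04X", f.line, f.column, f.kind, f.codepoint)
  end
end
```

The balanced isolate on the first sample line produces no finding, which is the difference between this approach and rejecting every directional formatting character outright.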