From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,UNPARSEABLE_RELAY,URIBL_GREY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 9F7AB1F953 for ; Mon, 15 Nov 2021 02:50:32 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id A71E9120AA6; Mon, 15 Nov 2021 11:50:29 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id 3CE4F120AA9 for ; Mon, 15 Nov 2021 11:50:27 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to; s=smtpapi; bh=4fteaRvsjtN2aYb8/FumhUG4LaNFFJdZhdlm4udWJF8=; b=H5iR2T9A8EdeeJ5BegWSwBWXhbZLlgDeBc06OiEICGhSZ/i3WNBVrlTiNqK7zlXYvYay NE5k0H05exYHDKW1JqAP6vufV3VcV4qVpKaRGdK4CCw7qJ8hzfosPX+F2OSsNOGHQVv3zd qIiiZK4szzNCyoY2hdKWV8UtRP9RTn8+o= Received: by filterdrecv-75ff7b5ffb-t2q6v with SMTP id filterdrecv-75ff7b5ffb-t2q6v-1-6191CAF1-5 2021-11-15 02:50:25.136824306 +0000 UTC m=+6409790.410920877 Received: from herokuapp.com (unknown) by geopod-ismtpd-3-0 (SG) with ESMTP id Ru_qCcHaTlWUn5OCVUYY6Q for ; Mon, 15 Nov 2021 02:50:24.984 +0000 (UTC) Date: Mon, 15 Nov 2021 02:50:25 +0000 (UTC) From: duerst Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Feature X-Redmine-Issue-Id: 18336 X-Redmine-Issue-Author: duerst X-Redmine-Sender: duerst X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 82302 X-SG-EID: =?us-ascii?Q?sZFLhNnqjcW9Ht8ByfkgOQbWPVETXXFxLuf0UPwpQ=2FbXrx066LnwciY0taRhC1?= =?us-ascii?Q?++A6DTJJ4lt=2FzJkwBQUmmbJXhB+C4nQ033MjSGj?= =?us-ascii?Q?je1hQu59maBuOqy04H93clMov5BTTczXKAIEUkp?= =?us-ascii?Q?ls8poMAG4u9DbX8W15ibk59USrMLDMc7DT9uHT7?= =?us-ascii?Q?4PY7JyOHM+CwPg5A=2FPqhbvzxwA8Ec6lCoohALX7?= =?us-ascii?Q?3EqsDm=2FzoPR2m5F=2F4Af0Ho3OBssLrUn5z+snoOf?= =?us-ascii?Q?MFmTGMDHdvUux5Rf2roBg=3D=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 106061 Subject: [ruby-core:106061] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Reply-To: Ruby developers Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" SXNzdWUgIzE4MzM2IGhhcyBiZWVuIHVwZGF0ZWQgYnkgZHVlcnN0IChNYXJ0aW4gRMO8cnN0KS4N Cg0KDQpWU0NvZGUgZGVhbCB3aXRoIHRoZSBCaWRpIGNvbnRyb2wgY2hhcmFjdGVycyBhdCBodHRw czovL2NvZGUudmlzdWFsc3R1ZGlvLmNvbS91cGRhdGVzL3YxXzYyI191bmljb2RlLWRpcmVjdGlv bmFsLWZvcm1hdHRpbmctY2hhcmFjdGVycy4NCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLQ0KRmVhdHVyZSAjMTgzMzY6IEhvdyB0byBkZWFsIHdpdGggVHJvamFuIFNv dXJjZSB2dWxuZXJhYmlsaXR5DQpodHRwczovL2J1Z3MucnVieS1sYW5nLm9yZy9pc3N1ZXMvMTgz MzYjY2hhbmdlLTk0NjUyDQoNCiogQXV0aG9yOiBkdWVyc3QgKE1hcnRpbiBEw7xyc3QpDQoqIFN0 YXR1czogT3Blbg0KKiBQcmlvcml0eTogTm9ybWFsDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tDQpUaGUgIlRvcmphbiBTb3VyY2UiIHZ1bG5lcmFiaWxpdHkgcmVjZW50 bHkgaGFzIGNhdWdodCBzb21lIGF0dGVudGlvbi4NCg0KVGhlIHZ1bG5lcmFiaWxpdHkgaW52b2x2 ZXMgdXNpbmcgY2VydGFpbiBjb21iaW5hdGlvbnMgb2YgVW5pY29kZSBjaGFyYWN0ZXJzIHRvIGxl dCBzb3VyY2UgY29kZSBsb29rIGxpa2UgaXQgaXMgY29ycmVjdCAoYW5kIHRoZXJlZm9yZSBwYXNz IGNvZGUgcmV2aWV3LC4uLikgYnV0IGFjdHVhbGx5IGRvIHNvbWV0aGluZyBlbHNlIHRoYW4gaW50 ZW5kZWQuDQoNCkZvciBiYWNrZ3JvdW5kLCBwbGVhc2Ugc2VlIGRpc2N1c3Npb24gb24gS3JlYnNv blNlY3VyaXR5IChodHRwczovL2tyZWJzb25zZWN1cml0eS5jb20vMjAyMS8xMS90cm9qYW4tc291 cmNlLWJ1Zy10aHJlYXRlbnMtdGhlLXNlY3VyaXR5LW9mLWFsbC1jb2RlLykgYW5kIHRoZSBXZWIg c2l0ZSAoaHR0cHM6Ly93d3cudHJvamFuc291cmNlLmNvZGVzLykgYW5kIG9yaWdpbmFsIHBhcGVy IChodHRwczovL3d3dy50cm9qYW5zb3VyY2UuY29kZXMvdHJvamFuLXNvdXJjZS5wZGYpLg0KDQpJ IGNvbnRhY3RlZCB0aGUgUnVieSBzZWN1cml0eSBsaXN0LCB3aGljaCB3YXMgYWxyZWFkeSBhd2Fy ZSBvZiB0aGUgaXNzdWUsIGFuZCB3ZSBhZ3JlZWQgdG8gZGlzY3VzcyB0aGlzIGhlcmUgYmVjYXVz ZSB0aGUgdnVsbmVyYWJpbGl0eSBpcyBhbHJlYWR5IHB1YmxpYy4NCg0KVGhlIHBhcGVyIGZvY3Vz ZXMgb24gdGhlIHVzZSBvZiBbQV0gRGlyZWN0aW9uYWwgRm9ybWF0dGluZyBDaGFyYWN0ZXJzICgq MSkgaW4gc3RyaW5nIGNvbnN0YW50cywgY29tbWVudHMsIGFuZCBzaW1pbGFyIGNvbnN0cnVjdHMg dG8gY2hhbmdlIHRoZSB2aXN1YWwgYXBwZWFyYW5jZSBvZiBjb2RlIG91dHNpZGUgdGhlc2UgY29u c3RydWN0cy4gVGhlcmUgYXJlIHJlbGF0ZWQgdnVsbmVyYWJpbGl0aWVzLCBuYW1lbHkgdGhlIHVz ZSBvZiBbQl0gbm9uLXNwYWNpbmcgKGFuZCB0aGVyZWZvcmUgbW9zdGx5IGludmlzaWJsZSkgY2hh cmFjdGVycyBlLmcuIGluIHZhcmlhYmxlIG5hbWVzLCBhbmQgdGhlIHVzZSBvZiBbQ10gbWl4ZWQt c2NyaXB0IGlkZW50aWZpZXJzLCB3aGljaCBhbHNvIGxldHMgc29tZSB2YXJpYWJsZSBuYW1lcyBs b29rIGlkZW50aWNhbCBldmVuIGlmIHRoZXkgYXJlIG5vdC4NCg0KU29tZSBsYW5ndWFnZXMsIHN1 Y2ggYXMgUnVzdCwgaGF2ZSBhZGRyZXNzZWQgW0FdIChzZWUgaHR0cHM6Ly9ibG9nLnJ1c3QtbGFu Zy5vcmcvMjAyMS8xMS8wMS9jdmUtMjAyMS00MjU3NC5odG1sKSBieSByZXF1aXJpbmcgZXNjYXBl cyB0byBiZSB1c2VkIGZvciB0aGUgcmVsZXZhbnQgY2hhcmFjdGVycyBpbiBzb3VyY2UuIE9uIHRo ZSBvdGhlciBoYW5kLCBwZW9wbGUgc3VjaCBhcyBSdXNzIENveCB0aGluayBjb21waWxlcnMgYXJl IHRoZSB3cm9uZyBwbGFjZSB0byBhZGRyZXNzIHRoZSBpc3N1ZTsgaXQgc2hvdWxkIGJlIGFkZHJl c3NlZCBpbiBlZGl0b3JzIGFuZCBzaW1pbGFyIHRvb2xzIChzZWUgaHR0cHM6Ly9yZXNlYXJjaC5z d3RjaC5jb20vdHJvamFuKS4gR2l0aHViIG5vdyB3YXJucyBhYm91dCANCg0KVGhlIHF1ZXN0aW9u IGlzIHdoYXQgUnVieSBzaG91bGQgZG8sIGlmIGFueXRoaW5nLg0KQWRkcmVzc2luZyBbQV0gc2lt aWxhciB0byBob3cgUnVzdCBkb2VzIGl0IGNhbiBiZSBkb25lIHJlbGF0aXZlbHkgZWFzaWx5LiBJ ZiB0aGF0J3MgZG9uZSwgSSdkIHByZWZlciB0byBvbmx5IHJlamVjdCBpbmNvbXBsZXRlIEJpZGkg Y29udHJvbCBzZXF1ZW5jZXMsIHdoaWNoIGlzIGEgYml0IG1vcmUgY29tcGxpY2F0ZWQuIEluIHBh cnRpY3VsYXIsIHN0cmluZyBpbnRlcnBvbGF0aW9uIG5lZWRzIGEgdmVyeSBjYXJlZnVsIGFuYWx5 c2lzLg0KRm9yIFtCXSwgSSdsbCBvcGVuIGEgc2VwYXJhdGUgaXNzdWUuDQpGb3IgW0NdLCB3ZSBo YXZlIGFsbCBkYXRhIGFib3V0IHNjcmlwdHMsIGJ1dCB0aGUgd2F5IGl0J3MgY3VycmVudGx5IHN0 cnVjdHVyZWQgbWFrZXMgZmluZGluZyBvdXQgd2hpY2ggY2hhcmFjdGVyIGEgc2NyaXB0IGJlbG9u Z3MgdG8gcXVpdGUgaW5lZmZpY2llbnQuDQoNCg0KKCoxKSAiRGlyZWN0aW9uYWwgRm9ybWF0dGlu ZyBDaGFyYWN0ZXIiIGlzIHRoZSBvZmZpY2lhbCBVbmljb2RlIHRlcm0gKHNlZSBodHRwczovL3d3 dy51bmljb2RlLm9yZy9yZXBvcnRzL3RyOS8jRGlyZWN0aW9uYWxfRm9ybWF0dGluZ19DaGFyYWN0 ZXJzKS4gVGhlIHRlcm1zICJCaWRpL0JpZGlyZWN0aW9uYWwgY29udHJvbCIgb3IgIkJpZGkvQmlk aXJlY3Rpb25hbCBjb250cm9sIGNoYXJhY3RlciIgYXJlIGFsc28gdXNlZC4gT3ZlcmFsbCwgdGhl cmUgYXJlIDkgc3VjaCBjaGFyYWN0ZXJzLiBVbmZvcnR1bmF0ZWx5LCBib3RoIHRoZSBwYXBlciBh bmQgS3JlYnNvblNlY3VyaXR5IHVzZSB0aGUgdGVybSAiQmlkaSBPdmVycmlkZSIsIHdoaWNoIGlz IGhpZ2hseSBtaXNsZWFkaW5nLiBUaGUgdGVybSDigJxCaWRpIE92ZXJyaWRl4oCdIGlzIHJlc2Vy dmVkIGZvciB0d28gY2hhcmFjdGVycyBvbmx5Og0KTFJPLCBVKzIwMkQsIExlZnQtdG8tUmlnaHQg T3ZlcnJpZGUsIGFuZCBSTE8sIFUrMjAyRSwgUmlnaHQtdG8tTGVmdCBPdmVycmlkZSAoc2VlIFRh YmxlIDEgaW4gdGhlIHBhcGVyKS4gSXQgaXMgYWxzbyB1c2VkIGZvciB0aGUgcGhlbm9tZW5vbiBh c3NvY2lhdGVkIHdpdGggdGhlc2UgdHdvIGNoYXJhY3RlcnMsIGEg4oCcaGFyZOKAnSBvdmVycmlk ZSAoaS5lLiBhZmZlY3RpbmcgYWxsIGNoYXJhY3RlcnMgaW5jbHVkaW5nIGUuZy4gdGhlIExhdGlu IGFscGhhYmV0KSwgYW5kIG1lY2hhbmlzbXMgaW4gb3RoZXIgdGVjaG5vbG9neSB0aGF0IGFjaGll dmUgdGhlIHNhbWUgKGUuZy4gdGhlIEhUTUwgYmRvIGVsZW1lbnQgKGh0dHBzOi8vaHRtbC5zcGVj LndoYXR3Zy5vcmcvI3RoZS1iZG8tZWxlbWVudCkgb3IgdGhlIOKAmGJpZGktb3ZlcnJpZGXigJkg dmFsdWUgb2YgdGhlIHVuaWNvZGUtYmlkaSBwcm9wZXJ0eSBpbiBDU1MgKGh0dHBzOi8vd3d3Lncz Lm9yZy9UUi9DU1MyL3Zpc3VyZW4uaHRtbCNwcm9wZGVmLXVuaWNvZGUtYmlkaSkpLg0KDQoNCg0K DQotLSANCmh0dHBzOi8vYnVncy5ydWJ5LWxhbmcub3JnLw0K