From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,UNPARSEABLE_RELAY,URIBL_GREY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id A79CE1F953 for ; Mon, 15 Nov 2021 05:33:48 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 0B342120B3B; Mon, 15 Nov 2021 14:33:45 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id E43E7120B37 for ; Mon, 15 Nov 2021 14:33:43 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to; s=smtpapi; bh=b/Q6m+MLsGRv4db6ws9/VQOnjVwYlmhm9SqmTTc8uM4=; b=WDWkUJbC/J8Gx4o1kPNQ8SwuN3xpw+c9yAGmxsPwHpekCNixq3yQZTJoAki2fET3ka25 fBAcGypSKgsD9NGmXSj/rRcBzRu/BnCK7YUSQD9AnT9wINNoe0XsmsudY+BAR+qiBmQ2Er PX9YdFxoIt2IjZ10YzaSM/2lf3fOph9cI= Received: by filterdrecv-55446c4d49-wfr6q with SMTP id filterdrecv-55446c4d49-wfr6q-1-6191F133-A 2021-11-15 05:33:39.594960515 +0000 UTC m=+6419633.613141512 Received: from herokuapp.com (unknown) by geopod-ismtpd-1-2 (SG) with ESMTP id gNWnsv2STN-7VtEJ1hc_Ag for ; Mon, 15 Nov 2021 05:33:39.581 +0000 (UTC) Date: Mon, 15 Nov 2021 05:33:39 +0000 (UTC) From: "mame (Yusuke Endoh)" Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Feature X-Redmine-Issue-Id: 18336 X-Redmine-Issue-Author: duerst X-Redmine-Sender: mame X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 82305 X-SG-EID: =?us-ascii?Q?YbSlef6ZOa=2FS=2FuqSxXRzl42MttQDxKOujGe43WuBjI7JKMg2OkmRsyzG5za6L9?= =?us-ascii?Q?e1flZkYZ9OViVy5Lc4acvpZgX3lBlbH+P7ZPOdn?= =?us-ascii?Q?yc7cU6t=2FdWdGKdg5eEGeuUe35i4qXjA11EQlbB8?= =?us-ascii?Q?gpllzTTRZHASPxzrUTQ+9gAM7AjsruSqVYGnkcS?= =?us-ascii?Q?yQyJLJn1blE684rbjadF3GNC5dtSaEZLRBYeU2Y?= =?us-ascii?Q?ls8Q=2FrNGcKLonpiPFJRp4p+ma8WLCfmqYqsyxzp?= =?us-ascii?Q?LJMqOxNraLzdNkGN6yQNw=3D=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 106064 Subject: [ruby-core:106064] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Reply-To: Ruby developers Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" SXNzdWUgIzE4MzM2IGhhcyBiZWVuIHVwZGF0ZWQgYnkgbWFtZSAoWXVzdWtlIEVuZG9oKS4NCg0K DQpJJ20gYWZyYWlkIGlmIHByb2hpYml0aW5nIG9yIHdhcm5pbmcgYmlkaSBjaGFyYXRlcnMgbWF5 IGJvdGhlciBwcm9ncmFtbWVycyB3aG8gdXNlIEFyYWJpYyBhbmQvb3IgSGVicmV3Lg0KDQpKdXN0 IEZZSTogUnVib2NvcCBoYXMgYW4gaXNzdWUgdG8gYWRkcmVzcyB0aGlzIGlzc3VlLiBodHRwczov L2dpdGh1Yi5jb20vcnVib2NvcC9ydWJvY29wL2lzc3Vlcy8xMDIyNg0KDQotLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpGZWF0dXJlICMxODMzNjogSG93IHRvIGRlYWwg d2l0aCBUcm9qYW4gU291cmNlIHZ1bG5lcmFiaWxpdHkNCmh0dHBzOi8vYnVncy5ydWJ5LWxhbmcu b3JnL2lzc3Vlcy8xODMzNiNjaGFuZ2UtOTQ2NTUNCg0KKiBBdXRob3I6IGR1ZXJzdCAoTWFydGlu IETDvHJzdCkNCiogU3RhdHVzOiBPcGVuDQoqIFByaW9yaXR5OiBOb3JtYWwNCi0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClRoZSAiVG9yamFuIFNvdXJjZSIgdnVsbmVy YWJpbGl0eSByZWNlbnRseSBoYXMgY2F1Z2h0IHNvbWUgYXR0ZW50aW9uLg0KDQpUaGUgdnVsbmVy YWJpbGl0eSBpbnZvbHZlcyB1c2luZyBjZXJ0YWluIGNvbWJpbmF0aW9ucyBvZiBVbmljb2RlIGNo YXJhY3RlcnMgdG8gbGV0IHNvdXJjZSBjb2RlIGxvb2sgbGlrZSBpdCBpcyBjb3JyZWN0IChhbmQg dGhlcmVmb3JlIHBhc3MgY29kZSByZXZpZXcsLi4uKSBidXQgYWN0dWFsbHkgZG8gc29tZXRoaW5n IGVsc2UgdGhhbiBpbnRlbmRlZC4NCg0KRm9yIGJhY2tncm91bmQsIHBsZWFzZSBzZWUgZGlzY3Vz c2lvbiBvbiBLcmVic29uU2VjdXJpdHkgKGh0dHBzOi8va3JlYnNvbnNlY3VyaXR5LmNvbS8yMDIx LzExL3Ryb2phbi1zb3VyY2UtYnVnLXRocmVhdGVucy10aGUtc2VjdXJpdHktb2YtYWxsLWNvZGUv KSBhbmQgdGhlIFdlYiBzaXRlIChodHRwczovL3d3dy50cm9qYW5zb3VyY2UuY29kZXMvKSBhbmQg b3JpZ2luYWwgcGFwZXIgKGh0dHBzOi8vd3d3LnRyb2phbnNvdXJjZS5jb2Rlcy90cm9qYW4tc291 cmNlLnBkZikuDQoNCkkgY29udGFjdGVkIHRoZSBSdWJ5IHNlY3VyaXR5IGxpc3QsIHdoaWNoIHdh cyBhbHJlYWR5IGF3YXJlIG9mIHRoZSBpc3N1ZSwgYW5kIHdlIGFncmVlZCB0byBkaXNjdXNzIHRo aXMgaGVyZSBiZWNhdXNlIHRoZSB2dWxuZXJhYmlsaXR5IGlzIGFscmVhZHkgcHVibGljLg0KDQpU aGUgcGFwZXIgZm9jdXNlcyBvbiB0aGUgdXNlIG9mIFtBXSBEaXJlY3Rpb25hbCBGb3JtYXR0aW5n IENoYXJhY3RlcnMgKCoxKSBpbiBzdHJpbmcgY29uc3RhbnRzLCBjb21tZW50cywgYW5kIHNpbWls YXIgY29uc3RydWN0cyB0byBjaGFuZ2UgdGhlIHZpc3VhbCBhcHBlYXJhbmNlIG9mIGNvZGUgb3V0 c2lkZSB0aGVzZSBjb25zdHJ1Y3RzLiBUaGVyZSBhcmUgcmVsYXRlZCB2dWxuZXJhYmlsaXRpZXMs IG5hbWVseSB0aGUgdXNlIG9mIFtCXSBub24tc3BhY2luZyAoYW5kIHRoZXJlZm9yZSBtb3N0bHkg aW52aXNpYmxlKSBjaGFyYWN0ZXJzIGUuZy4gaW4gdmFyaWFibGUgbmFtZXMsIGFuZCB0aGUgdXNl IG9mIFtDXSBtaXhlZC1zY3JpcHQgaWRlbnRpZmllcnMsIHdoaWNoIGFsc28gbGV0cyBzb21lIHZh cmlhYmxlIG5hbWVzIGxvb2sgaWRlbnRpY2FsIGV2ZW4gaWYgdGhleSBhcmUgbm90Lg0KDQpTb21l IGxhbmd1YWdlcywgc3VjaCBhcyBSdXN0LCBoYXZlIGFkZHJlc3NlZCBbQV0gKHNlZSBodHRwczov L2Jsb2cucnVzdC1sYW5nLm9yZy8yMDIxLzExLzAxL2N2ZS0yMDIxLTQyNTc0Lmh0bWwpIGJ5IHJl cXVpcmluZyBlc2NhcGVzIHRvIGJlIHVzZWQgZm9yIHRoZSByZWxldmFudCBjaGFyYWN0ZXJzIGlu IHNvdXJjZS4gT24gdGhlIG90aGVyIGhhbmQsIHBlb3BsZSBzdWNoIGFzIFJ1c3MgQ294IHRoaW5r IGNvbXBpbGVycyBhcmUgdGhlIHdyb25nIHBsYWNlIHRvIGFkZHJlc3MgdGhlIGlzc3VlOyBpdCBz aG91bGQgYmUgYWRkcmVzc2VkIGluIGVkaXRvcnMgYW5kIHNpbWlsYXIgdG9vbHMgKHNlZSBodHRw czovL3Jlc2VhcmNoLnN3dGNoLmNvbS90cm9qYW4pLiBHaXRodWIgbm93IHdhcm5zIGFib3V0IA0K DQpUaGUgcXVlc3Rpb24gaXMgd2hhdCBSdWJ5IHNob3VsZCBkbywgaWYgYW55dGhpbmcuDQpBZGRy ZXNzaW5nIFtBXSBzaW1pbGFyIHRvIGhvdyBSdXN0IGRvZXMgaXQgY2FuIGJlIGRvbmUgcmVsYXRp dmVseSBlYXNpbHkuIElmIHRoYXQncyBkb25lLCBJJ2QgcHJlZmVyIHRvIG9ubHkgcmVqZWN0IGlu Y29tcGxldGUgQmlkaSBjb250cm9sIHNlcXVlbmNlcywgd2hpY2ggaXMgYSBiaXQgbW9yZSBjb21w bGljYXRlZC4gSW4gcGFydGljdWxhciwgc3RyaW5nIGludGVycG9sYXRpb24gbmVlZHMgYSB2ZXJ5 IGNhcmVmdWwgYW5hbHlzaXMuDQpGb3IgW0JdLCBJJ2xsIG9wZW4gYSBzZXBhcmF0ZSBpc3N1ZS4N CkZvciBbQ10sIHdlIGhhdmUgYWxsIGRhdGEgYWJvdXQgc2NyaXB0cywgYnV0IHRoZSB3YXkgaXQn cyBjdXJyZW50bHkgc3RydWN0dXJlZCBtYWtlcyBmaW5kaW5nIG91dCB3aGljaCBjaGFyYWN0ZXIg YSBzY3JpcHQgYmVsb25ncyB0byBxdWl0ZSBpbmVmZmljaWVudC4NCg0KDQooKjEpICJEaXJlY3Rp b25hbCBGb3JtYXR0aW5nIENoYXJhY3RlciIgaXMgdGhlIG9mZmljaWFsIFVuaWNvZGUgdGVybSAo c2VlIGh0dHBzOi8vd3d3LnVuaWNvZGUub3JnL3JlcG9ydHMvdHI5LyNEaXJlY3Rpb25hbF9Gb3Jt YXR0aW5nX0NoYXJhY3RlcnMpLiBUaGUgdGVybXMgIkJpZGkvQmlkaXJlY3Rpb25hbCBjb250cm9s IiBvciAiQmlkaS9CaWRpcmVjdGlvbmFsIGNvbnRyb2wgY2hhcmFjdGVyIiBhcmUgYWxzbyB1c2Vk LiBPdmVyYWxsLCB0aGVyZSBhcmUgOSBzdWNoIGNoYXJhY3RlcnMuIFVuZm9ydHVuYXRlbHksIGJv dGggdGhlIHBhcGVyIGFuZCBLcmVic29uU2VjdXJpdHkgdXNlIHRoZSB0ZXJtICJCaWRpIE92ZXJy aWRlIiwgd2hpY2ggaXMgaGlnaGx5IG1pc2xlYWRpbmcuIFRoZSB0ZXJtIOKAnEJpZGkgT3ZlcnJp ZGXigJ0gaXMgcmVzZXJ2ZWQgZm9yIHR3byBjaGFyYWN0ZXJzIG9ubHk6DQpMUk8sIFUrMjAyRCwg TGVmdC10by1SaWdodCBPdmVycmlkZSwgYW5kIFJMTywgVSsyMDJFLCBSaWdodC10by1MZWZ0IE92 ZXJyaWRlIChzZWUgVGFibGUgMSBpbiB0aGUgcGFwZXIpLiBJdCBpcyBhbHNvIHVzZWQgZm9yIHRo ZSBwaGVub21lbm9uIGFzc29jaWF0ZWQgd2l0aCB0aGVzZSB0d28gY2hhcmFjdGVycywgYSDigJxo YXJk4oCdIG92ZXJyaWRlIChpLmUuIGFmZmVjdGluZyBhbGwgY2hhcmFjdGVycyBpbmNsdWRpbmcg ZS5nLiB0aGUgTGF0aW4gYWxwaGFiZXQpLCBhbmQgbWVjaGFuaXNtcyBpbiBvdGhlciB0ZWNobm9s b2d5IHRoYXQgYWNoaWV2ZSB0aGUgc2FtZSAoZS5nLiB0aGUgSFRNTCBiZG8gZWxlbWVudCAoaHR0 cHM6Ly9odG1sLnNwZWMud2hhdHdnLm9yZy8jdGhlLWJkby1lbGVtZW50KSBvciB0aGUg4oCYYmlk aS1vdmVycmlkZeKAmSB2YWx1ZSBvZiB0aGUgdW5pY29kZS1iaWRpIHByb3BlcnR5IGluIENTUyAo aHR0cHM6Ly93d3cudzMub3JnL1RSL0NTUzIvdmlzdXJlbi5odG1sI3Byb3BkZWYtdW5pY29kZS1i aWRpKSkuDQoNCg0KDQoNCi0tIA0KaHR0cHM6Ly9idWdzLnJ1YnktbGFuZy5vcmcvDQo=