From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS, UNPARSEABLE_RELAY,URIBL_GREY shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 41BED1F9F4 for ; Mon, 22 Nov 2021 02:55:47 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id F0C78120ABE; Mon, 22 Nov 2021 11:55:40 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id B05351209D7 for ; Mon, 22 Nov 2021 11:55:38 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to; s=smtpapi; bh=P3ocTt9xEvn0VmwXf7A4hXs4rgxQowZB0M2QLJqYg3c=; b=V62de/XfrVBb+riRbRKtcJ8vjrkjaoLA1C19vXxNxnIabdJSN/sRr1qpNvOQvMSE8uxS Y1EwTYRm8jHmZ6FbByWlydeggoHvExBaM+W6tGc9muyHYQrO4cI26jNFn8ph9/2GysmS3d tbQW1InU6pGaILZtvecHhC9wK/Vh3RW48= Received: by filterdrecv-55446c4d49-sgpf9 with SMTP id filterdrecv-55446c4d49-sgpf9-1-619B06A8-10 2021-11-22 02:55:36.846965114 +0000 UTC m=+7014951.653201337 Received: from herokuapp.com (unknown) by geopod-ismtpd-1-1 (SG) with ESMTP id xUKPwjr0TbitNiyJ62mJtg for ; Mon, 22 Nov 2021 02:55:36.834 +0000 (UTC) Date: Mon, 22 Nov 2021 02:55:36 +0000 (UTC) From: duerst Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Feature X-Redmine-Issue-Id: 18336 X-Redmine-Issue-Author: duerst X-Redmine-Sender: duerst X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 82441 X-SG-EID: =?us-ascii?Q?sZFLhNnqjcW9Ht8ByfkgOQbWPVETXXFxLuf0UPwpQ=2FbXrx066LnwciY0taRhC1?= =?us-ascii?Q?++A6DTJJ4lt=2FzJkwBQUmmbJXhB+C4nQ033MjSGj?= =?us-ascii?Q?je1hQvWU6hBPCEtO8PcLAgf9=2F=2FNvpnLjxA0iDtO?= =?us-ascii?Q?YVaCfEyqZ8H+hyrb7K0WgauGi5lf9IdOD9AymvK?= =?us-ascii?Q?rZMSk8FwMbbsO6bB7g=2FecDtjNGkJ+nOLVFdv1XM?= =?us-ascii?Q?g819M0lhHb=2FnotDR22HO+Wlr+c3dDcxRJE8scpc?= =?us-ascii?Q?76cURdh=2FWSwuwQuY=2FkxaA=3D=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 106197 Subject: [ruby-core:106197] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Reply-To: Ruby developers Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" SXNzdWUgIzE4MzM2IGhhcyBiZWVuIHVwZGF0ZWQgYnkgZHVlcnN0IChNYXJ0aW4gRMO8cnN0KS4N Cg0KU3RhdHVzIGNoYW5nZWQgZnJvbSBPcGVuIHRvIEZlZWRiYWNrDQoNCldlIGRpc2N1c3NlZCB0 aGlzIGF0IHRoZSBkZXZlbG9wZXJzJyBtZWV0aW5nIG9uIDIwMjEvMTEvMTguIE5vIGZpbmFsIGRl Y2lzaW9uIHdhcyB0YWtlbi4gV2UgdGhpbmsgdGhhdCB0aGlzIGlzc3VlIHNob3VsZCBwcmltYXJp bHkgYnkgYWRkcmVzc2VkIGJ5IGVkaXRvcnMgYW5kIHNpbWlsYXIgdG9vbHMsIGJ5IG1ha2luZyB0 aGUgcmVsZXZhbnQgY2hhcmFjdGVycyB2aXNpYmxlLg0KDQpXZSB3aWxsIHNlZSB3aGF0IG90aGVy IGxhbmd1YWdlcyBkbzsgY3VycmVudGx5LCB0aGUgcGljdHVyZSBpcyBtaXhlZCwgd2l0aCBhIHRl bmRlbmN5IHRvIGxlYXZlIGl0IHRvIGVkaXRvcnMsLi4uIFRoZSBvbmx5IGxhbmd1YWdlIHRoYXQg d2Uga25vdyBvZiB0aGF0IGhhcyByZWFjdGVkIGlzIFJ1c3QuIEFueSBmZWVkYmFjayBpcyBhcHBy ZWNpYXRlZC4NCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KRmVh dHVyZSAjMTgzMzY6IEhvdyB0byBkZWFsIHdpdGggVHJvamFuIFNvdXJjZSB2dWxuZXJhYmlsaXR5 DQpodHRwczovL2J1Z3MucnVieS1sYW5nLm9yZy9pc3N1ZXMvMTgzMzYjY2hhbmdlLTk0ODAxDQoN CiogQXV0aG9yOiBkdWVyc3QgKE1hcnRpbiBEw7xyc3QpDQoqIFN0YXR1czogRmVlZGJhY2sNCiog UHJpb3JpdHk6IE5vcm1hbA0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LQ0KVGhlICJUb3JqYW4gU291cmNlIiB2dWxuZXJhYmlsaXR5IHJlY2VudGx5IGhhcyBjYXVnaHQg c29tZSBhdHRlbnRpb24uDQoNClRoZSB2dWxuZXJhYmlsaXR5IGludm9sdmVzIHVzaW5nIGNlcnRh aW4gY29tYmluYXRpb25zIG9mIFVuaWNvZGUgY2hhcmFjdGVycyB0byBsZXQgc291cmNlIGNvZGUg bG9vayBsaWtlIGl0IGlzIGNvcnJlY3QgKGFuZCB0aGVyZWZvcmUgcGFzcyBjb2RlIHJldmlldywu Li4pIGJ1dCBhY3R1YWxseSBkbyBzb21ldGhpbmcgZWxzZSB0aGFuIGludGVuZGVkLg0KDQpGb3Ig YmFja2dyb3VuZCwgcGxlYXNlIHNlZSBkaXNjdXNzaW9uIG9uIEtyZWJzb25TZWN1cml0eSAoaHR0 cHM6Ly9rcmVic29uc2VjdXJpdHkuY29tLzIwMjEvMTEvdHJvamFuLXNvdXJjZS1idWctdGhyZWF0 ZW5zLXRoZS1zZWN1cml0eS1vZi1hbGwtY29kZS8pIGFuZCB0aGUgV2ViIHNpdGUgKGh0dHBzOi8v d3d3LnRyb2phbnNvdXJjZS5jb2Rlcy8pIGFuZCBvcmlnaW5hbCBwYXBlciAoaHR0cHM6Ly93d3cu dHJvamFuc291cmNlLmNvZGVzL3Ryb2phbi1zb3VyY2UucGRmKS4NCg0KSSBjb250YWN0ZWQgdGhl IFJ1Ynkgc2VjdXJpdHkgbGlzdCwgd2hpY2ggd2FzIGFscmVhZHkgYXdhcmUgb2YgdGhlIGlzc3Vl LCBhbmQgd2UgYWdyZWVkIHRvIGRpc2N1c3MgdGhpcyBoZXJlIGJlY2F1c2UgdGhlIHZ1bG5lcmFi aWxpdHkgaXMgYWxyZWFkeSBwdWJsaWMuDQoNClRoZSBwYXBlciBmb2N1c2VzIG9uIHRoZSB1c2Ug b2YgW0FdIERpcmVjdGlvbmFsIEZvcm1hdHRpbmcgQ2hhcmFjdGVycyAoKjEpIGluIHN0cmluZyBj b25zdGFudHMsIGNvbW1lbnRzLCBhbmQgc2ltaWxhciBjb25zdHJ1Y3RzIHRvIGNoYW5nZSB0aGUg dmlzdWFsIGFwcGVhcmFuY2Ugb2YgY29kZSBvdXRzaWRlIHRoZXNlIGNvbnN0cnVjdHMuIFRoZXJl IGFyZSByZWxhdGVkIHZ1bG5lcmFiaWxpdGllcywgbmFtZWx5IHRoZSB1c2Ugb2YgW0JdIG5vbi1z cGFjaW5nIChhbmQgdGhlcmVmb3JlIG1vc3RseSBpbnZpc2libGUpIGNoYXJhY3RlcnMgZS5nLiBp biB2YXJpYWJsZSBuYW1lcywgYW5kIHRoZSB1c2Ugb2YgW0NdIG1peGVkLXNjcmlwdCBpZGVudGlm aWVycywgd2hpY2ggYWxzbyBsZXRzIHNvbWUgdmFyaWFibGUgbmFtZXMgbG9vayBpZGVudGljYWwg ZXZlbiBpZiB0aGV5IGFyZSBub3QuDQoNClNvbWUgbGFuZ3VhZ2VzLCBzdWNoIGFzIFJ1c3QsIGhh dmUgYWRkcmVzc2VkIFtBXSAoc2VlIGh0dHBzOi8vYmxvZy5ydXN0LWxhbmcub3JnLzIwMjEvMTEv MDEvY3ZlLTIwMjEtNDI1NzQuaHRtbCkgYnkgcmVxdWlyaW5nIGVzY2FwZXMgdG8gYmUgdXNlZCBm b3IgdGhlIHJlbGV2YW50IGNoYXJhY3RlcnMgaW4gc291cmNlLiBPbiB0aGUgb3RoZXIgaGFuZCwg cGVvcGxlIHN1Y2ggYXMgUnVzcyBDb3ggdGhpbmsgY29tcGlsZXJzIGFyZSB0aGUgd3JvbmcgcGxh Y2UgdG8gYWRkcmVzcyB0aGUgaXNzdWU7IGl0IHNob3VsZCBiZSBhZGRyZXNzZWQgaW4gZWRpdG9y cyBhbmQgc2ltaWxhciB0b29scyAoc2VlIGh0dHBzOi8vcmVzZWFyY2guc3d0Y2guY29tL3Ryb2ph bikuIEdpdGh1YiBub3cgd2FybnMgYWJvdXQgDQoNClRoZSBxdWVzdGlvbiBpcyB3aGF0IFJ1Ynkg c2hvdWxkIGRvLCBpZiBhbnl0aGluZy4NCkFkZHJlc3NpbmcgW0FdIHNpbWlsYXIgdG8gaG93IFJ1 c3QgZG9lcyBpdCBjYW4gYmUgZG9uZSByZWxhdGl2ZWx5IGVhc2lseS4gSWYgdGhhdCdzIGRvbmUs IEknZCBwcmVmZXIgdG8gb25seSByZWplY3QgaW5jb21wbGV0ZSBCaWRpIGNvbnRyb2wgc2VxdWVu Y2VzLCB3aGljaCBpcyBhIGJpdCBtb3JlIGNvbXBsaWNhdGVkLiBJbiBwYXJ0aWN1bGFyLCBzdHJp bmcgaW50ZXJwb2xhdGlvbiBuZWVkcyBhIHZlcnkgY2FyZWZ1bCBhbmFseXNpcy4NCkZvciBbQl0s IEknbGwgb3BlbiBhIHNlcGFyYXRlIGlzc3VlLg0KRm9yIFtDXSwgd2UgaGF2ZSBhbGwgZGF0YSBh Ym91dCBzY3JpcHRzLCBidXQgdGhlIHdheSBpdCdzIGN1cnJlbnRseSBzdHJ1Y3R1cmVkIG1ha2Vz IGZpbmRpbmcgb3V0IHdoaWNoIGNoYXJhY3RlciBhIHNjcmlwdCBiZWxvbmdzIHRvIHF1aXRlIGlu ZWZmaWNpZW50Lg0KDQoNCigqMSkgIkRpcmVjdGlvbmFsIEZvcm1hdHRpbmcgQ2hhcmFjdGVyIiBp cyB0aGUgb2ZmaWNpYWwgVW5pY29kZSB0ZXJtIChzZWUgaHR0cHM6Ly93d3cudW5pY29kZS5vcmcv cmVwb3J0cy90cjkvI0RpcmVjdGlvbmFsX0Zvcm1hdHRpbmdfQ2hhcmFjdGVycykuIFRoZSB0ZXJt cyAiQmlkaS9CaWRpcmVjdGlvbmFsIGNvbnRyb2wiIG9yICJCaWRpL0JpZGlyZWN0aW9uYWwgY29u dHJvbCBjaGFyYWN0ZXIiIGFyZSBhbHNvIHVzZWQuIE92ZXJhbGwsIHRoZXJlIGFyZSA5IHN1Y2gg Y2hhcmFjdGVycy4gVW5mb3J0dW5hdGVseSwgYm90aCB0aGUgcGFwZXIgYW5kIEtyZWJzb25TZWN1 cml0eSB1c2UgdGhlIHRlcm0gIkJpZGkgT3ZlcnJpZGUiLCB3aGljaCBpcyBoaWdobHkgbWlzbGVh ZGluZy4gVGhlIHRlcm0g4oCcQmlkaSBPdmVycmlkZeKAnSBpcyByZXNlcnZlZCBmb3IgdHdvIGNo YXJhY3RlcnMgb25seToNCkxSTywgVSsyMDJELCBMZWZ0LXRvLVJpZ2h0IE92ZXJyaWRlLCBhbmQg UkxPLCBVKzIwMkUsIFJpZ2h0LXRvLUxlZnQgT3ZlcnJpZGUgKHNlZSBUYWJsZSAxIGluIHRoZSBw YXBlcikuIEl0IGlzIGFsc28gdXNlZCBmb3IgdGhlIHBoZW5vbWVub24gYXNzb2NpYXRlZCB3aXRo IHRoZXNlIHR3byBjaGFyYWN0ZXJzLCBhIOKAnGhhcmTigJ0gb3ZlcnJpZGUgKGkuZS4gYWZmZWN0 aW5nIGFsbCBjaGFyYWN0ZXJzIGluY2x1ZGluZyBlLmcuIHRoZSBMYXRpbiBhbHBoYWJldCksIGFu ZCBtZWNoYW5pc21zIGluIG90aGVyIHRlY2hub2xvZ3kgdGhhdCBhY2hpZXZlIHRoZSBzYW1lIChl LmcuIHRoZSBIVE1MIGJkbyBlbGVtZW50IChodHRwczovL2h0bWwuc3BlYy53aGF0d2cub3JnLyN0 aGUtYmRvLWVsZW1lbnQpIG9yIHRoZSDigJhiaWRpLW92ZXJyaWRl4oCZIHZhbHVlIG9mIHRoZSB1 bmljb2RlLWJpZGkgcHJvcGVydHkgaW4gQ1NTIChodHRwczovL3d3dy53My5vcmcvVFIvQ1NTMi92 aXN1cmVuLmh0bWwjcHJvcGRlZi11bmljb2RlLWJpZGkpKS4NCg0KDQoNCg0KLS0gDQpodHRwczov L2J1Z3MucnVieS1sYW5nLm9yZy8NCg==