From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,UNPARSEABLE_RELAY,URIBL_GREY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 1C38C1F953 for ; Tue, 23 Nov 2021 20:39:40 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 34A61120AB4; Wed, 24 Nov 2021 05:39:39 +0900 (JST) Received: from xtrwkhkc.outbound-mail.sendgrid.net (xtrwkhkc.outbound-mail.sendgrid.net [167.89.16.28]) by neon.ruby-lang.org (Postfix) with ESMTPS id 739A81209C5 for ; Wed, 24 Nov 2021 05:39:37 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.me; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to; s=smtpapi; bh=42rRVFih4sXlSa4qk5GoF6zcfeCMXomDJ3N3aTUshvY=; b=K8RC6Jt7cocditTMZdABCWpaMZb4EVhjz6kHlkxm3Xt7U/Ayt5PKtzMOI/XbGFPyvSS/ ol0FmjxqEx09oS+esU5898comJ1G4iIqer5enYaf1LEVNU69d1x+vjj4DjqWCFWVkXswww b1/3rcWfsxsIqCZRR2NLLj7NFR2Z/VRj4= Received: by filterdrecv-656998cfdd-tjhxw with SMTP id filterdrecv-656998cfdd-tjhxw-1-619D5186-6C 2021-11-23 20:39:34.982976491 +0000 UTC m=+5433135.523127622 Received: from herokuapp.com (unknown) by ismtpd0163p1iad2.sendgrid.net (SG) with ESMTP id MFpZTwkDTlqLBV06518IfQ for ; Tue, 23 Nov 2021 20:39:34.891 +0000 (UTC) Date: Tue, 23 Nov 2021 20:39:35 +0000 (UTC) From: "Dan0042 (Daniel DeLorme)" Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Feature X-Redmine-Issue-Id: 18336 X-Redmine-Issue-Author: duerst X-Redmine-Sender: Dan0042 X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 82478 X-SG-EID: =?us-ascii?Q?9vnO9kNFlf1pwhty1clU3mt9eNWYniufdXqocdsQQtaDTWZk4+b5g5js0Akvaj?= =?us-ascii?Q?32LW=2F+fGSAom3tt8Jo+=2FGW3uDD0ktbmu7qAbln0?= =?us-ascii?Q?uJrjICngKPKND6OlXLIki30bPysTpmxu0y7GCYO?= =?us-ascii?Q?59cZxpJATwVBw7QTbDImgGkOvRim8PqpuYaCq9P?= =?us-ascii?Q?uPqde9AwwGJK89FPS8Ij8=2FPOKcPkctGaZZ6sSxe?= =?us-ascii?Q?k4rSa9tbyWALPY+o+u0LFKUlzXz5NBS4uUpvYSa?= =?us-ascii?Q?jHh1qfdLHqQstfns0c3fA=3D=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 106232 Subject: [ruby-core:106232] [Ruby master Feature#18336] How to deal with Trojan Source vulnerability X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Reply-To: Ruby developers Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" SXNzdWUgIzE4MzM2IGhhcyBiZWVuIHVwZGF0ZWQgYnkgRGFuMDA0MiAoRGFuaWVsIERlTG9ybWUp Lg0KDQoNCkluIGEgc2Vuc2UgaXQncyB0cnVlIHRoaXMgaXMgdGhlIHJlc3BvbnNhYmlsaXR5IG9m IHRoZSBlZGl0b3IsIGJ1dCBJIGFsc28gdGhpbmsgaXQncyBvayB0byBoYXZlIGRlZmVuc2UgaW4g ZGVwdGguIEkgd291bGQgc3VwcG9ydCBzb21lIGZvcm0gb2YgY3VzdG9taXphYmxlIGJsYWNrbGlz dCBvZiAiZGFuZ2Vyb3VzIiB1bmljb2RlIGNoYXJhY3RlcnMgdGhhdCBhcmUgbm90IGFsbG93ZWQg aW4gc291cmNlIGNvZGUsIHdpdGggc29tZSBzYW5lIGRlZmF1bHQuDQpgYGANCiRVTklDT0RFX0JM QUNLTElTVCAjPT4gIzxTZXQ6IHsweDIwMkQsIDB4MjAyRX0+ICAjYnkgZGVmYXVsdCBibGFja2xp c3QgYmlkaSBvdmVycmlkZXM/DQokVU5JQ09ERV9CTEFDS0xJU1QgPDwgMHgzMTY0ICAgICAgICAg ICAgICAgICAgICAgI3dvcnJpZWQgYWJvdXQgdGhhdCAiaW52aXNpYmxlIHZhcmlhYmxlIiBleHBs b2l0DQokVU5JQ09ERV9CTEFDS0xJU1QuZGVsZXRlKDB4MjAyRCkuZGVsZXRlKDB4MjAyRSkgI2lm IHlvdSBuZWVkIGJpZGkgb3ZlcnJpZGVzDQpgYGANCg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQpGZWF0dXJlICMxODMzNjogSG93IHRvIGRlYWwgd2l0aCBUcm9q YW4gU291cmNlIHZ1bG5lcmFiaWxpdHkNCmh0dHBzOi8vYnVncy5ydWJ5LWxhbmcub3JnL2lzc3Vl cy8xODMzNiNjaGFuZ2UtOTQ4NDMNCg0KKiBBdXRob3I6IGR1ZXJzdCAoTWFydGluIETDvHJzdCkN CiogU3RhdHVzOiBGZWVkYmFjaw0KKiBQcmlvcml0eTogTm9ybWFsDQotLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGUgIlRvcmphbiBTb3VyY2UiIHZ1bG5lcmFiaWxp dHkgcmVjZW50bHkgaGFzIGNhdWdodCBzb21lIGF0dGVudGlvbi4NCg0KVGhlIHZ1bG5lcmFiaWxp dHkgaW52b2x2ZXMgdXNpbmcgY2VydGFpbiBjb21iaW5hdGlvbnMgb2YgVW5pY29kZSBjaGFyYWN0 ZXJzIHRvIGxldCBzb3VyY2UgY29kZSBsb29rIGxpa2UgaXQgaXMgY29ycmVjdCAoYW5kIHRoZXJl Zm9yZSBwYXNzIGNvZGUgcmV2aWV3LC4uLikgYnV0IGFjdHVhbGx5IGRvIHNvbWV0aGluZyBlbHNl IHRoYW4gaW50ZW5kZWQuDQoNCkZvciBiYWNrZ3JvdW5kLCBwbGVhc2Ugc2VlIGRpc2N1c3Npb24g b24gS3JlYnNvblNlY3VyaXR5IChodHRwczovL2tyZWJzb25zZWN1cml0eS5jb20vMjAyMS8xMS90 cm9qYW4tc291cmNlLWJ1Zy10aHJlYXRlbnMtdGhlLXNlY3VyaXR5LW9mLWFsbC1jb2RlLykgYW5k IHRoZSBXZWIgc2l0ZSAoaHR0cHM6Ly93d3cudHJvamFuc291cmNlLmNvZGVzLykgYW5kIG9yaWdp bmFsIHBhcGVyIChodHRwczovL3d3dy50cm9qYW5zb3VyY2UuY29kZXMvdHJvamFuLXNvdXJjZS5w ZGYpLg0KDQpJIGNvbnRhY3RlZCB0aGUgUnVieSBzZWN1cml0eSBsaXN0LCB3aGljaCB3YXMgYWxy ZWFkeSBhd2FyZSBvZiB0aGUgaXNzdWUsIGFuZCB3ZSBhZ3JlZWQgdG8gZGlzY3VzcyB0aGlzIGhl cmUgYmVjYXVzZSB0aGUgdnVsbmVyYWJpbGl0eSBpcyBhbHJlYWR5IHB1YmxpYy4NCg0KVGhlIHBh cGVyIGZvY3VzZXMgb24gdGhlIHVzZSBvZiBbQV0gRGlyZWN0aW9uYWwgRm9ybWF0dGluZyBDaGFy YWN0ZXJzICgqMSkgaW4gc3RyaW5nIGNvbnN0YW50cywgY29tbWVudHMsIGFuZCBzaW1pbGFyIGNv bnN0cnVjdHMgdG8gY2hhbmdlIHRoZSB2aXN1YWwgYXBwZWFyYW5jZSBvZiBjb2RlIG91dHNpZGUg dGhlc2UgY29uc3RydWN0cy4gVGhlcmUgYXJlIHJlbGF0ZWQgdnVsbmVyYWJpbGl0aWVzLCBuYW1l bHkgdGhlIHVzZSBvZiBbQl0gbm9uLXNwYWNpbmcgKGFuZCB0aGVyZWZvcmUgbW9zdGx5IGludmlz aWJsZSkgY2hhcmFjdGVycyBlLmcuIGluIHZhcmlhYmxlIG5hbWVzLCBhbmQgdGhlIHVzZSBvZiBb Q10gbWl4ZWQtc2NyaXB0IGlkZW50aWZpZXJzLCB3aGljaCBhbHNvIGxldHMgc29tZSB2YXJpYWJs ZSBuYW1lcyBsb29rIGlkZW50aWNhbCBldmVuIGlmIHRoZXkgYXJlIG5vdC4NCg0KU29tZSBsYW5n dWFnZXMsIHN1Y2ggYXMgUnVzdCwgaGF2ZSBhZGRyZXNzZWQgW0FdIChzZWUgaHR0cHM6Ly9ibG9n LnJ1c3QtbGFuZy5vcmcvMjAyMS8xMS8wMS9jdmUtMjAyMS00MjU3NC5odG1sKSBieSByZXF1aXJp bmcgZXNjYXBlcyB0byBiZSB1c2VkIGZvciB0aGUgcmVsZXZhbnQgY2hhcmFjdGVycyBpbiBzb3Vy Y2UuIE9uIHRoZSBvdGhlciBoYW5kLCBwZW9wbGUgc3VjaCBhcyBSdXNzIENveCB0aGluayBjb21w aWxlcnMgYXJlIHRoZSB3cm9uZyBwbGFjZSB0byBhZGRyZXNzIHRoZSBpc3N1ZTsgaXQgc2hvdWxk IGJlIGFkZHJlc3NlZCBpbiBlZGl0b3JzIGFuZCBzaW1pbGFyIHRvb2xzIChzZWUgaHR0cHM6Ly9y ZXNlYXJjaC5zd3RjaC5jb20vdHJvamFuKS4gR2l0aHViIG5vdyB3YXJucyBhYm91dCANCg0KVGhl IHF1ZXN0aW9uIGlzIHdoYXQgUnVieSBzaG91bGQgZG8sIGlmIGFueXRoaW5nLg0KQWRkcmVzc2lu ZyBbQV0gc2ltaWxhciB0byBob3cgUnVzdCBkb2VzIGl0IGNhbiBiZSBkb25lIHJlbGF0aXZlbHkg ZWFzaWx5LiBJZiB0aGF0J3MgZG9uZSwgSSdkIHByZWZlciB0byBvbmx5IHJlamVjdCBpbmNvbXBs ZXRlIEJpZGkgY29udHJvbCBzZXF1ZW5jZXMsIHdoaWNoIGlzIGEgYml0IG1vcmUgY29tcGxpY2F0 ZWQuIEluIHBhcnRpY3VsYXIsIHN0cmluZyBpbnRlcnBvbGF0aW9uIG5lZWRzIGEgdmVyeSBjYXJl ZnVsIGFuYWx5c2lzLg0KRm9yIFtCXSwgSSdsbCBvcGVuIGEgc2VwYXJhdGUgaXNzdWUuDQpGb3Ig W0NdLCB3ZSBoYXZlIGFsbCBkYXRhIGFib3V0IHNjcmlwdHMsIGJ1dCB0aGUgd2F5IGl0J3MgY3Vy cmVudGx5IHN0cnVjdHVyZWQgbWFrZXMgZmluZGluZyBvdXQgd2hpY2ggY2hhcmFjdGVyIGEgc2Ny aXB0IGJlbG9uZ3MgdG8gcXVpdGUgaW5lZmZpY2llbnQuDQoNCg0KKCoxKSAiRGlyZWN0aW9uYWwg Rm9ybWF0dGluZyBDaGFyYWN0ZXIiIGlzIHRoZSBvZmZpY2lhbCBVbmljb2RlIHRlcm0gKHNlZSBo dHRwczovL3d3dy51bmljb2RlLm9yZy9yZXBvcnRzL3RyOS8jRGlyZWN0aW9uYWxfRm9ybWF0dGlu Z19DaGFyYWN0ZXJzKS4gVGhlIHRlcm1zICJCaWRpL0JpZGlyZWN0aW9uYWwgY29udHJvbCIgb3Ig IkJpZGkvQmlkaXJlY3Rpb25hbCBjb250cm9sIGNoYXJhY3RlciIgYXJlIGFsc28gdXNlZC4gT3Zl cmFsbCwgdGhlcmUgYXJlIDkgc3VjaCBjaGFyYWN0ZXJzLiBVbmZvcnR1bmF0ZWx5LCBib3RoIHRo ZSBwYXBlciBhbmQgS3JlYnNvblNlY3VyaXR5IHVzZSB0aGUgdGVybSAiQmlkaSBPdmVycmlkZSIs IHdoaWNoIGlzIGhpZ2hseSBtaXNsZWFkaW5nLiBUaGUgdGVybSDigJxCaWRpIE92ZXJyaWRl4oCd IGlzIHJlc2VydmVkIGZvciB0d28gY2hhcmFjdGVycyBvbmx5Og0KTFJPLCBVKzIwMkQsIExlZnQt dG8tUmlnaHQgT3ZlcnJpZGUsIGFuZCBSTE8sIFUrMjAyRSwgUmlnaHQtdG8tTGVmdCBPdmVycmlk ZSAoc2VlIFRhYmxlIDEgaW4gdGhlIHBhcGVyKS4gSXQgaXMgYWxzbyB1c2VkIGZvciB0aGUgcGhl bm9tZW5vbiBhc3NvY2lhdGVkIHdpdGggdGhlc2UgdHdvIGNoYXJhY3RlcnMsIGEg4oCcaGFyZOKA nSBvdmVycmlkZSAoaS5lLiBhZmZlY3RpbmcgYWxsIGNoYXJhY3RlcnMgaW5jbHVkaW5nIGUuZy4g dGhlIExhdGluIGFscGhhYmV0KSwgYW5kIG1lY2hhbmlzbXMgaW4gb3RoZXIgdGVjaG5vbG9neSB0 aGF0IGFjaGlldmUgdGhlIHNhbWUgKGUuZy4gdGhlIEhUTUwgYmRvIGVsZW1lbnQgKGh0dHBzOi8v aHRtbC5zcGVjLndoYXR3Zy5vcmcvI3RoZS1iZG8tZWxlbWVudCkgb3IgdGhlIOKAmGJpZGktb3Zl cnJpZGXigJkgdmFsdWUgb2YgdGhlIHVuaWNvZGUtYmlkaSBwcm9wZXJ0eSBpbiBDU1MgKGh0dHBz Oi8vd3d3LnczLm9yZy9UUi9DU1MyL3Zpc3VyZW4uaHRtbCNwcm9wZGVmLXVuaWNvZGUtYmlkaSkp Lg0KDQoNCg0KDQotLSANCmh0dHBzOi8vYnVncy5ydWJ5LWxhbmcub3JnLw0K