On Mon, 12 Dec 2011 21:34:12 +0100
Tomas Mraz <tmraz(a)redhat.com> wrote:
On Mon, 2011-12-12 at 15:21 -0500, Stephen Gallagher wrote:
> On Mon, 2011-12-12 at 13:16 -0700, Ken Dreyer wrote:
> > On Mon, Dec 12, 2011 at 12:24 PM, Stephen Gallagher
> > <sgallagh(a)redhat.com> wrote:
> > > * #715 Provenpackager education/status/brainstorming (sgallagh,
> > > 18:43:02)
> >
> > There was some discussion a while back about preventing certain
> > extensions from being uploaded to the lookaside cache. Could
> > ".patch" be added to that list?
>
> Of course, a whitelist might be a better idea. Maybe we only
> allow .tar.gz, .tar.bz2 and .zip to be uploaded this way and make
> additional exceptions as they arise.
What about running a 'file' command on the stuff and if the output
contains 'text' then allow upload only with some kind of --force
option?
And what about separately shipped license files, documentation and so
on?
Not a valid option.
--
Jussi Lehtola
Fedora Project Contributor
jussilehtola(a)fedoraproject.org