From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- .../mageia-dev/attachments/20111006/354e3360/attachment-0001.html | 5 +++++ zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment.html | 5 +++++ 2 files changed, 10 insertions(+) create mode 100644 zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment-0001.html create mode 100644 zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment.html (limited to 'zarb-ml/mageia-dev/attachments/20111006') diff --git a/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment-0001.html new file mode 100644 index 000000000..c3567477f --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment-0001.html @@ -0,0 +1,5 @@ +I think part of the point I noticed didn't got understood/seen by people answering on this topic.
I'll rephrase my wondering differently.

Syslinux is a modern bootloader and use some libs (a zlib, a png one, a jpeg one, maybe other ...).
+
The patch I was talking about is about to change the png lib with the main argument about the security. A possible scenario with a png attack.

My point is that if we care about the security of the bootloaders regarding this kind of scenario, our work is very partial.
+If we want to stay consitent, we have to remove the jpeg lib too, the compression libs also.

And this is true about all the other bootloaders. Did someone already thought about managing the security of the builtin libs inside gfxboot ?
+Do we care about the gunzip code of grub ?

Being that intrusive regarding the static inclusion of this libs inside the bootloaders is just a work to report upstream and not the distro side.
Only focusing on changing the libpng or not of syslinux isn't enough....
+
Honestly, for me this really sounds like cutting hairs in 4 with a hammer.
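Review bot: the index line for attachment-0001.html shows blob c3567477f, the same blob as attachment.html added later in this commit, so both paths under 354e3360/ carry the identical five-line message. If the duplicate exists only because the archive is imported verbatim, the commit message should say so; otherwise keep one copy and drop the other path.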
diff --git a/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment.html b/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment.html new file mode 100644 index 000000000..c3567477f --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20111006/354e3360/attachment.html @@ -0,0 +1,5 @@ +I think part of the point I noticed didn't got understood/seen by people answering on this topic.
I'll rephrase my wondering differently.

Syslinux is a modern bootloader and use some libs (a zlib, a png one, a jpeg one, maybe other ...).
+
The patch I was talking about is about to change the png lib with the main argument about the security. A possible scenario with a png attack.

My point is that if we care about the security of the bootloaders regarding this kind of scenario, our work is very partial.
+If we want to stay consitent, we have to remove the jpeg lib too, the compression libs also.

And this is true about all the other bootloaders. Did someone already thought about managing the security of the builtin libs inside gfxboot ?
+Do we care about the gunzip code of grub ?

Being that intrusive regarding the static inclusion of this libs inside the bootloaders is just a work to report upstream and not the distro side.
Only focusing on changing the libpng or not of syslinux isn't enough....
+
Honestly, for me this really sounds like cutting hairs in 4 with a hammer.
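Review bot: missing documentation for this file: it is a mailing-list attachment committed with an .html extension, and the commit message "Add zarb MLs html archives" does not say where the archive came from or how it was processed. Because the body is text written by a list poster, the commit message (or a note next to the archive) should state whether the files are stored exactly as the archiver produced them and whether they are meant to be served as active HTML or as plain text.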
-- cgit v1.2.1