I took another very quick look at the previous issues I reported and
most have been addressed; the extractZip, extractTar functions still
look quite likely to have all the usual problems associated with
handling archive files ("zip slip" and other very catchy names), so
please don't forget about these.With this kind of rapid turnaround from upstream on problems I think we can work with this. As usual with golang projects, I think snap packaging may be a better fit for the "vendor all the world" approach, but if we're convinced the costs of .deb packaging for golang are worth it, security team ACK for promoting google-osconfig-agent to main. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891934 Title: [MIR] google-osconfig-agent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/google-osconfig-agent/+bug/1891934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
