[aur-general] AUR no more extracting source tarballs ( was: Upgraded AUR to 1.8.0)

Isaac Dupree ml at isaac.cedarswampstudios.org
Mon Feb 21 17:35:18 EST 2011

On 02/21/11 10:54, Lukas Fleischer wrote:
> Yes, like having two 1GB large files `tar -czf`'ed and uploading the
> resulting tarball to the AUR. I don't think that can be detected without
> being vulnerable to DoS attacks.

What if the PKGBUILD itself is a 1GB file?  For example a normal looking 
PKGBUILD followed by a billion newlines.  That probably compresses 
pretty well.

(/foolishly responding without reading code)


More information about the aur-general mailing list