pleroma.debian.social

Daniele Tricoli moved to eriol@akko.mornie.org eriol
@lanodan and WolfSSL (not only it) got a CVE[¹] for base64! :) Yes there is also rust-base64 there.
My point is that saying something is simple can be underestimating. But I agree that the proliferation of dependencies is a problem. I like
Armin Ronacher's thoughts about this problem: https://lucumr.pocoo.org/2019/7/29/dependency-scaling/

@be

[¹] https://nvd.nist.gov/vuln/detail/CVE-2021-24116

Daniele Tricoli moved to eriol@akko.mornie.org eriol
@lanodan I agree with you that it's a specific use case, but if we say that is fine to have my base64-ecoder-decoder-not-to-be-used-for-PEM, we are justifying dependencies proliferation.

Yes, that CVE could be on any kind of encoding/decoding, my point was more on the dependency related stuff.

@be
replies
0
announces
0
likes
0