Zulip Chat Archive
Stream: lean4 dev
Topic: Vulnerabilities
Henrik Böving (Apr 10 2023 at 14:56):
Someone in power :tm: should probably respond to this: https://github.com/leanprover/lean4/issues/2189
Sebastian Ullrich (Apr 10 2023 at 15:29):
It can hardly be worse than "metaprogramming allows for execution of arbitrary IO values"
Sebastian Ullrich (Apr 10 2023 at 15:36):
Note that this "automatic vulnerability detection tool" (first red flag) raised identical issues in 800 other repos
Eric Wieser (Apr 10 2023 at 15:40):
I think it's probably still a good idea to turn on this reporting feature, even if we just ignore what's posted
Henrik Böving (Apr 10 2023 at 15:47):
Sebastian Ullrich said:
Note that this "automatic vulnerability detection tool" (first red flag) raised identical issues in 800 other repos
I gave them the benefit of doubt because their profile said PhD student :D
Kevin Buzzard (Apr 10 2023 at 19:33):
cf https://github.com/leanprover/lean/issues/1781
Kevin Buzzard (Apr 10 2023 at 19:35):
I marked all my student projects in a VM for this reason, even though "delete your lecturer's hard drive" is probably not an optimal approach for a good mark in my course.
Johan Commelin (Apr 10 2023 at 19:36):
How about "edit the lecturer's spreadsheet that records all the marks for the course"?
Kevin Buzzard (Apr 10 2023 at 19:39):
That would definitely be a good way.
Sebastian Ullrich (Apr 13 2023 at 10:33):
The issue and GitHub account have since been deleted, so that's that I suppose
Mac Malone (Apr 16 2023 at 10:10):
Sebastian Ullrich said:
The issue and GitHub account have since been deleted, so that's that I suppose
They have? I was still able to open the link to the issue (https://github.com/leanprover/lean4/issues/2189) -- which is still marked open -- and view their user account.
Mario Carneiro (Apr 16 2023 at 10:50):
I confirmed Sebastian's claim when he said it, as well as yours just now. It appears to have been a temporary existence failure
Sebastian Ullrich (Apr 16 2023 at 10:51):
Perhaps a temporary ban due to suspected spamming
Notification Bot (Apr 16 2023 at 22:42):
Eugene has marked this topic as resolved.
Notification Bot (Apr 16 2023 at 22:43):
Eugene has marked this topic as unresolved.
Last updated: Dec 20 2023 at 11:08 UTC