On 1/15/23 00:59, brian m. carlson wrote:
> > 3) Illicit contents may be present in binary blobs, which in the future may
> > need to be removed without warrant and the only way to do that is by
> > rebasing and force pushing, which will break "everything". It can be
> > everything from child-porn to expired distribution licenses.
>
> This is a problem in every Merkle tree-like system. Most repositories
> have some sort of code review or access control that prevents people
> from generally pushing inappropriate content. For example, if somebody
> proposed to push any sort of pornography or other inappropriate content
> (e.g., a racist screed) to one of my repositories or one of my
> employer's, I'd refuse to approve or merge such a change, because
> that wouldn't be appropriate for the repository.
>
> I don't feel this is enough of a problem that using a Merkle tree-like
> construction is a bad idea, given the benefits it offers.

Yeah, right. And of course you have all the tools to decode those
megabyte big firmware blobs from Intel supporting wireless cards all
over the place to see what is actually inside there, that they are not
using some 3rd party code which licence will expire at some point, and
then you need to remove those binaries.
--HPS