[issue21109] tarfile: Traversal attack vulnerability
Tal Einat
report at bugs.python.org
Tue Sep 18 09:02:06 EDT 2018
Tal Einat <taleinat at gmail.com> added the comment:
I am not a lawyer, but to the best of my understanding, using such tarballs would be fine. Since Jakub's repo only provides code to generate archive files but doesn't include actual archive files, and the generation code is licensed via the MIT license, we are free to use the code to generate archive files, which would then not fall under the copyright of the author of the generation code (Jakub).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue21109>
_______________________________________
More information about the Python-bugs-list
mailing list