-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
t/data/binary-test.file
has unknown provenance
#475
Labels
tech-debt
Technical debt
Comments
chrisnovakovic
added a commit
to chrisnovakovic/p5-net-ssleay
that referenced
this issue
Apr 4, 2024
t/data/binary-test.file is a binary blob of unknown provenance. To provide more reassurance that nothing malicious is hidden in binary blobs in the test suite, replace this file with the ASCII text file t/data/lorem-ipsum.txt, which contains the first two paragraphs of lorem ipsum generated by https://lipsum.com with lines wrapped at 80 characters. Closes radiator-software#475.
chrisnovakovic
added a commit
to chrisnovakovic/p5-net-ssleay
that referenced
this issue
Apr 5, 2024
t/data/binary-test.file is a binary blob of unknown provenance. To provide more reassurance that nothing malicious is hidden in binary blobs in the test suite, replace this file with the ASCII text file t/data/lorem-ipsum.txt, which contains the first two paragraphs of lorem ipsum generated by https://lipsum.com with lines wrapped at 80 characters. Closes radiator-software#475.
I'm fine with this change as long as we find something suitable. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We did a lot of work a few years ago to make the test suite PKI reproducible (see #212). The only remaining binary blob with no clear provenance is
t/data/binary-test.file
. While I don't for a second suspect that Mike put anything malicious in there, I think it'd be reassuring to be more transparent about the source of the underlying data in a file like this, especially given recent adventures with opaque test data in other open-source projects.t/data/binary-test.file
is only used to test the behaviour ofRAND_load_file
and various digest functions. In fact there's no reason it has to have binary content at all - we could make it an ASCII text file containing widely-known text, to show we have nothing up our sleeves.The text was updated successfully, but these errors were encountered: