On Tue, 2011-07-26 at 18:34 +0200, Leonard den Ottolander wrote: > On Tue, 2011-07-26 at 17:22 +0100, Karanbir Singh wrote: > > sure, but you need to take this upstream to get attention. > > This has happened as I mentioned earlier. > > > I just dont > > see this as an important enough issue to fix within centos here. > > No such suggestion was made. We all know CentOS behaves like upstream > and the fix will probably trickle down soon enough. > > > Expecting valid metadata should be a reasonable assumption. > > No. Programmes that crash on bad input are vectors for exploits. Even if > it's unlikely someone would put an untrustworthy repo in his config yum > shouldn't segfault on bad data. Programmes should ALWAYS ensure the data they will operate on is VALID. Programmes should INSIST on valid data or REJECT that data with a concise, but sufficiently comprehensive, error message. Programmes that abort because of bad data are defective programmes and need rectification. No good programmer ever accepts that other people's data will always be valid. -- With best regards, Paul. England, EU.