As demonstrated by the VMMaker team, SqueakSource has a rather
serious security vunerability:

http://bugs.squeak.org/view.php?id=7617

Below is the dialog that led to this discovery:


On Sun, Mar 20, 2011 at 11:26:20AM -0700, Eliot Miranda wrote:
> > > Hmm, wouldn't applying the “default” naming scheme prevent such
> > overwrites?
> > >
> > > That is, now there would be
> > >        VMMaker-oscog-eem.52
> > > for Elliots version and
> > >        VMMaker-oscog-IgorStasenko.52
> > > for Igors version.
> > > What would prevent us from that?
> > >
> > > I don't see a naming conflict.  I've been using VMMaker-oscog.NN since
> > the beginning and Igor has been using  VMMaker-oscog-IgorStasenko.NN.  This
> > isn't about names, it's about content.  Igor is miffed I didn't merge in
> > some changes he made when I published VMMaker-oscog.52, right Igor?
> > >
> >
> > No, you—obviously accidentally—overwrote his version of the 18th of March:
> >
> 
> So how did Monticello allow me to do that?  That's a /bad/ bug.
> 
> 
> >
> > >>>
> > Name: VMMaker-oscog.52
> > Author: IgorStasenko
> > Time: 18 March 2011, 12:45:14 am
> > UUID: a2810aac-4423-6740-b70e-7e821b979cb4
> > Ancestors: VMMaker-oscog-IgorStasenko.50,
> > VMMaker-oscog-EstebanLorenzano.50, VMMaker-oscog.51
> >
> > Merge with oscog-49-51 &  Esteban-50
> > <<<<
> >
> > which has the same file name as yours:
> >
> > >>>
> > Name: VMMaker-oscog.52
> > Author: eem
> > Time: 20 March 2011, 9:31:20 am
> > UUID: 1241a856-8570-4725-a069-a6d3d8a8a222
> > Ancestors: VMMaker-oscog.51
> >
> > Fix primitiveFlushCacheByMethod for objects-as-methods.
> > <<<<

-- 
Matthew Fulmer (a.k.a. Tapple)