tech-userlevel archive


Re: bsdcpio and bsdtar installed by default



On Wed, Jun 25, 2008 at 09:38:05AM +0100, Alistair Crooks wrote:
> Robust software in the face of attackers is not some form of league table.
> It is a binary thing - either software is secure, or it's not. The uses
> of this software will primarily be extracting archives as root. For that,
> I want software I can trust. Up until this point, all we have heard from
> the people who want to use libarchive was "FreeBSD use it, so it's good".
> We heard nothing of exploitable bugs, including arbitrary code execution.
> I mention it, and you attempt to discredit what I say with the emotive
> "This is pure nonsense".

No. I argued that our pax has serious limitations and is therefore
useless for many applications. Arguing that we don't rely on GNU tar
is moot -- if you want to deal with any of the limitations you *have*
to.

From this discussion it seems like you want to maintain pax or leave it
in the current state. If that is the case, please take all the pax
related PRs and actually fix them.

Consider the inquiry about libarchive withdrawn. I simply can't bother
enough.

Joerg

