Subject: Re: tar ignores filenames that contain `..'
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 10/23/2002 12:52:24
[ On Wednesday, October 23, 2002 at 18:33:34 (+0200), Alistair Crooks wrote: ]
> Subject: Re: tar ignores filenames that contain `..'
>
> And I will jump in and say that it is really pax's problem.  This is
> because (a) a lot of the distfiles that we use in pkgsrc come with
> symbolic links with ".." in them, so that we can't even extract the
> contents properly now

"a lot"?!?!?!  I know I've not come anywhere close to testing the whole
gamut of pkgsrc (I've only ever tried building somewhere around 1000
separate packages in total), however I hope you're exaggerating just the
same.

Has anyone who happens to have a full distfiles archive done a
scientific survey?  I'd be surprised and dismayed if more than 1% of
distfiles contained relative pathnames using "..", and I'd be even more
surprised if the maintainers/authors of the packages involved didn't
agree to eliminate such things ASAP.

Assuming it is just a tiny percentage of distfiles which are "broken"
then I see no problem with just leaving them that way until the
maintainers update their original archives to fix the actual problem.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>