Subject: Re: tar ignores filenames that contain `..'
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 10/23/2002 12:52:24
[ On Wednesday, October 23, 2002 at 18:33:34 (+0200), Alistair Crooks wrote: ]
> Subject: Re: tar ignores filenames that contain `..'
>
> And I will jump in and say that it is really pax's problem. This is
> because (a) a lot of the distfiles that we use in pkgsrc come with
> symbolic links with ".." in them, so that we can't even extract the
> contents properly now
"a lot"?!?!?! I know I've not come anywhere close to testing the whole
gamut of pkgsrc (I've only ever tried building somewhere around 1000
separate packages in total), however I hope you're exaggerating just the
same.
Has anyone who happens to have a full distfiles archive done a
scientific survey? I'd be surprised and dismayed if more than 1% of
distfiles contained relative pathnames using "..", and I'd be even more
surprised if the maintainers/authors of the packages involved didn't
agree to eliminate such things ASAP.
Assuming it is just a tiny percentage of distfiles which are "broken"
then I see no problem with just leaving them that way until the
maintainers update their original archives to fix the actual problem.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>