On Thu, Jul 03, 2008 at 09:22:23PM +0100, Alistair Crooks wrote: > On Thu, Jul 03, 2008 at 03:15:06PM -0400, Steven M. Bellovin wrote: > > On Thu, 3 Jul 2008 21:11:54 +0200 > > jens.rehsack%bayerbbs.com@localhost wrote: > > > > > Hi all, > > > > > > I read in pkgsrc handbook, chap. 21.2, that a new package should be > > > submitted as a uuencoded, gzip'ed tar archive. > > > In FreeBSD we're using shar(1) which is more comfortable (at least > > > for me ^^). > > > Just a question: Does your process strict requires the uuencoded, > > > gzipped tar archive (though I must submit the pr's using the > > > web-interface) or is a shar file ok, too? > > > Finally, I will create an alias or a small script creating the > > > required format - so I do not want to initiate a big change - it's > > > just a question. > > > > > shar is a pretty serious security risk for the recipient; I'd be > > appalled if we accepted it. > > Absolutely - please submit as a tar archive, or find someone who > can help you do that. It's not that onerous, and it makes our lives > much less stressful. Much less? A clever MASTER_SITES setting will make you download crap that will root you at do-install time easily, anyway. If you're that scared about shar archives, you don't want to build anything you found in a PR anyway. Not that I see how shar makes anything easier, though :-) -- Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost "See the look on my face from staying too long in one place [...] every time the morning breaks I know I'm closer to falling" KT Tunstall, Saving My Face, Drastic Fantastic, 2007.
Description: PGP signature