[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Submitting new packages
On Thu, 3 Jul 2008 22:39:14 +0200
Quentin Garnier <cube%cubidou.net@localhost> wrote:
> On Thu, Jul 03, 2008 at 09:22:23PM +0100, Alistair Crooks wrote:
> > On Thu, Jul 03, 2008 at 03:15:06PM -0400, Steven M. Bellovin wrote:
> > > On Thu, 3 Jul 2008 21:11:54 +0200
> > > jens.rehsack%bayerbbs.com@localhost wrote:
> > >
> > > > Hi all,
> > > >
> > > > I read in pkgsrc handbook, chap. 21.2, that a new package
> > > > should be submitted as a uuencoded, gzip'ed tar archive.
> > > > In FreeBSD we're using shar(1) which is more comfortable (at
> > > > least for me ^^).
> > > > Just a question: Does your process strict requires the
> > > > uuencoded, gzipped tar archive (though I must submit the pr's
> > > > using the web-interface) or is a shar file ok, too?
> > > > Finally, I will create an alias or a small script creating the
> > > > required format - so I do not want to initiate a big change -
> > > > it's just a question.
> > > >
> > > shar is a pretty serious security risk for the recipient; I'd be
> > > appalled if we accepted it.
> > Absolutely - please submit as a tar archive, or find someone who
> > can help you do that. It's not that onerous, and it makes our lives
> > much less stressful.
> Much less? A clever MASTER_SITES setting will make you download crap
> that will root you at do-install time easily, anyway. If you're that
> scared about shar archives, you don't want to build anything you found
> in a PR anyway.
> Not that I see how shar makes anything easier, though :-)
I said "much less" because of the difficulty in reading a shar file,
compared with a tarball I've downloaded and unpacked. There, I at
least have a fighting chance...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Main Index |
Thread Index |