Subject: Re: FYI: upgrading GNU tar
To: None <>
From: Greg A. Woods <>
List: tech-userlevel
Date: 10/10/2002 01:18:53
[ On Thursday, October 10, 2002 at 11:22:33 (+0900), Jun-ichiro itojun Hagino wrote: ]
> Subject: FYI: upgrading GNU tar
> 	our in-tree GNU tar (gnu/usr.bin/tar) is way too old and has security
> 	problems.  therefore, upgrade is necessary.
> 	i've prepared new GNU tar under gnu/usr.bin/ (and gnu/dist/tar),
> 	with security fixes in place, and plan to switch to (either
> 	by tweaking Makefile, or by overwriting gnu/usr.bin/tar by
> 	soon.  some of the command line options (not the major ones) are
> 	obsoleted, or changed, due to the upgrade.
> itojun
> PS: forget about "we need to migrate to pax" discussion for now.
> pax problem is being handled separately, and we need to secure GNU tar in
> our tree anyways (until pax takes over).

Isn't this about the second or maybe even third time such a lame excuse
has been made?  If GNU Tar wasn't in the tree there'd be no need to
secure it.

								Greg A. Woods

+1 416 218-0098;            <>;           <>
Planix, Inc. <>; VE3TCP; Secrets of the Weird <>