Subject: Re: FYI: upgrading GNU tar
To: None <tech-userlevel@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 10/10/2002 01:18:53
[ On Thursday, October 10, 2002 at 11:22:33 (+0900), Jun-ichiro itojun Hagino wrote: ]
> Subject: FYI: upgrading GNU tar
>
> 	our in-tree GNU tar (gnu/usr.bin/tar) is way too old and has security
> 	problems.  therefore, upgrade is necessary.
> 
> 	i've prepared new GNU tar under gnu/usr.bin/tar.new (and gnu/dist/tar),
> 	with security fixes in place, and plan to switch to tar.new (either
> 	by tweaking Makefile, or by overwriting gnu/usr.bin/tar by tar.new)
> 	soon.  some of the command line options (not the major ones) are
> 	obsoleted, or changed, due to the upgrade.
> 
> itojun
> 
> PS: forget about "we need to migrate to pax" discussion for now.
> pax problem is being handled separately, and we need to secure GNU tar in
> our tree anyways (until pax takes over).

Isn't this about the second or maybe even third time such a lame excuse
has been made?  If GNU Tar wasn't in the tree there'd be no need to
secure it.


-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>