Re: bsdcpio and bsdtar installed by default

[Alistair Crooks <agc%pkgsrc.org@localhost>]

On Sun, Jun 22, 2008 at 10:59:55PM +0400, Aleksej Saushev wrote:
> Alistair Crooks <agc%pkgsrc.org@localhost> writes:
> 
> > On Sun, Jun 22, 2008 at 04:13:35AM +0200, Joerg Sonnenberger wrote:
> >> On Thu, Jun 19, 2008 at 08:22:22PM +0200, Joerg Sonnenberger wrote:
> >> > At least three different implementations for the POSIX interchange
> >> > format exist (GNU tar [not by default], star and bsdtar).
> >> 
> >> Actually, I forgot the tar in heirloom. That makes it four.
> >
> > I can name multiple instances of programs that support X.400.
> >
> > That doesn't mean to say (a) it's a good idea, or (b) that people will
> > use it.
> 
> Sorry? Do you think, noone will use pax/tar? I don't believe it.
> Most probably, people will come, find buggy pax/tar, and all through
> the community will tell: "Don't use NetBSD pax/tar, it is buggy,
> use gtar instead." Just like with Solaris sh or awk.

Thanks for the apology - I've seen the hysteria levels rising here
over time, and it's not productive, merely tiresome.

No-one has yet given a valid reason for the headlong rush into
reliance upon a piece of software which has had recent security
vulnerabilities, and even joerg has taken to evading the question
now.

NetBSD is about doing things right - and I really want to see that
happen - so help me out here.  Point me to a security audit I can
trust, point me to concrete examples where I would not be able to
extract something in a reasonable archive, and point me to a reason
for all this haste, and then we can start talking about the issues.

(This is how it should have been done in the first place).

Thanks,
Alistair