Subject: Re: tar ignores filenames that contain `..'
To: Frederick Bruckman <fredb@immanent.net>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-pkg
Date: 10/23/2002 09:47:59

On Wed, Oct 23, 2002 at 11:35:27AM -0500, Frederick Bruckman wrote:
> Would it be acceptable, security-wise, to permit relative links in the
> archive (slash-package) with some constraints, like making sure
> leading directories are not symlinks, and counting them to make sure
> that any "../"'s don't break out of the extracted hierarchy? Or
> are relative links so evil, that we have to change the way we support
> building to ${DESTDIR}?

That certainly seems acceptable to me.
--
-- Jason R. Thorpe <thorpej@wasabisystems.com>
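
The counting constraint proposed in the quoted message (make sure no "../" in a relative link climbs out of the extracted hierarchy), as an added C example that is not part of the original thread or of NetBSD tar. The names walk and link_stays_inside and the sample entries are constructed for illustration; the check is purely lexical, so it assumes the caller has already verified, as the proposal also requires, that no leading directory is a symlink.

```c
#include <stdio.h>
#include <string.h>

/* Walk a relative path lexically, tracking *depth = directories below the
 * extraction root. Returns 0 as soon as a ".." would climb above the root. */
static int walk(const char *p, int *depth, int skip_last)
{
    while (*p) {
        size_t n = strcspn(p, "/");
        const char *next = p + n;
        while (*next == '/')
            next++;
        if (skip_last && *next == '\0')
            break;              /* last component is the link's own name */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (--*depth < 0)
                return 0;
        } else if (!(n == 1 && p[0] == '.')) {
            ++*depth;
        }
        p = next;
    }
    return 1;
}

/* member: archive path of the symlink; target: its link text (hypothetical
 * helper). Returns 1 only if the target, resolved from the member's
 * directory, stays inside the extracted hierarchy at every step. */
int link_stays_inside(const char *member, const char *target)
{
    int depth = 0;
    if (member[0] == '/' || target[0] == '/')
        return 0;               /* absolute paths are not relative links */
    return walk(member, &depth, 1) && walk(target, &depth, 0);
}

int main(void)
{
    /* Constructed samples: { symlink path in archive, link target }. */
    const char *s[][2] = {
        { "usr/pkg/bin/tool", "../libexec/tool" },
        { "usr/pkg/etc/x", "../../../../etc/passwd" },
        { "usr/pkg/etc/y", "/etc/passwd" },
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%s -> %s: %s\n", s[i][0], s[i][1],
               link_stays_inside(s[i][0], s[i][1]) ? "ok" : "REJECT");
    return 0;
}
```

The depth is checked after every component rather than only at the end, so a target such as `../../x/../..` is rejected even though a prefix of it is harmless.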