Message-ID: <20060920195306.GA3266@sentinelchicken.org>
Date: Wed, 20 Sep 2006 15:53:06 -0400
From: Tim <tim-security@...tinelchicken.org>
To: Aaron Gray <angray@...b.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: tar alternative



> cpio ?
> 
> It does the job of both tar and gzip. Try an :-
> 
>       info cpio

I am familiar with cpio, but as I said, I was hoping for a format that
does not contain usernames and other metainformation that is not
necessary for software distribution.  I believe cpio is meant for
backups, is it not?  I don't believe a format meant for backups is a
great thing to use for software distribution.


> As for the Linux Kernel archives, I do not really think there is enough 
> justification for a change in distribution format.

Right, well I did take the thread my own way, and am posing this as a
more general question on software distribution.  Certainly I don't know
of another format at this point that would be a better way to distribute
it, and the original poster's concerns probably don't have a major
impact on most people.


> Most kernel coders either use non root account for untar'ing and making 
> the kernel and do a 'sudo make install' anyway.

Well, the whole idea that having to use a non-root account to unpack
some files has always been ridiculous to me.  Sure, given the way tar
behaves, it is insane not to, but for a software distribution tool,
making this a requirement is pretty lame.  Changing tar's behavior to be
safer is possible, but would likely degrade the ability of tar to be a
good backup tool.  The use cases for each type of tool are simply
different.

thanks for your response,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
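
Added example, not part of the original message: a Python sketch of the metadata concern discussed above, which lists the owner names, IDs and risky mode bits stored in a tar archive's headers and rewrites the archive without them. The sample archive, the account names and the function names (`make_sample`, `audit`, `normalize`) are constructed for illustration; resetting ownership to 0:0 and masking modes with 0755 is one common packaging convention, assumed here.

```python
import io
import tarfile

def make_sample() -> bytes:
    """Constructed sample: an archive carrying the packager's account details."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("pkg/README", 0o666), ("pkg/bin/tool", 0o4755)):
            data = b"constructed sample content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = mode
            info.uid, info.gid = 1000, 1000            # constructed values
            info.uname, info.gname = "alice", "staff"  # constructed values
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit(archive: bytes) -> list:
    """Report header fields that a software distribution does not need."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar:
            if m.uname or m.gname or m.uid or m.gid:
                owner = f"{m.uname}:{m.gname} ({m.uid}:{m.gid})"
                findings.append((m.name, "owner", owner))
            if m.mode & 0o6000:   # setuid or setgid bit stored in the header
                findings.append((m.name, "setid", oct(m.mode)))
            if m.mode & 0o022:    # group- or world-writable
                findings.append((m.name, "writable", oct(m.mode)))
    return findings

def normalize(archive: bytes) -> bytes:
    """Rewrite the archive with ownership cleared and risky mode bits dropped."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as src, \
         tarfile.open(fileobj=out, mode="w") as dst:
        for m in src:
            m.uid = m.gid = 0
            m.uname = m.gname = ""
            m.mode &= 0o755       # strips setuid/setgid/sticky and group/other write
            dst.addfile(m, src.extractfile(m) if m.isreg() else None)
    return out.getvalue()

if __name__ == "__main__":
    sample = make_sample()
    for finding in audit(sample):
        print(finding)
    print("after normalize:", audit(normalize(sample)))
```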
