Date: Tue, 17 Dec 2024 21:10:46 -0600 From: Kyle Evans <kevans@FreeBSD.org> To: freebsd-arch@freebsd.org Subject: Re: Removing shar(1) Message-ID: <395c1241-b331-4d9a-90d8-0144ee6241bc@FreeBSD.org> In-Reply-To: <Z2I4eAmzbf1agqhh@hemlock.eden.le-fay.org> References: <0d63a94d-2773-4efd-b789-0b753ab38b91@FreeBSD.org> <Z2I4eAmzbf1agqhh@hemlock.eden.le-fay.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/17/24 20:50, מרים wrote: > Kyle Evans: >> I was reminded the other day that shar(1) exists, though it's use is no >> longer recommended in ports. The same functionality can be found in tar(1) >> instead, so I think we should deorbit /usr/bin/shar and stop promoting it >> entirely. > > for whatever it's worth (probably not much) i strongly disagree. > shar(1) has been around for ages and it does no harm to keep it. > We're not doing our users any favors by promoting it as a first-class citizen like this. There are much safer/better archive alternatives that are still almost universally available, we really should be looking for a higher bar than "it has been around for ages" to retain it. >> It is easy to insert trojan horses into shar files. > > half the software on the Internet nowadays tells people to do "curl | > bash" and we don't advocate for removing fetch(1) or sh(1). We don't, and we certainly don't advocate for our users to do such silly things. (See the explicit reference to that exact construct in the original e-mail) Thanks, Kyle Evans
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?395c1241-b331-4d9a-90d8-0144ee6241bc>