Date: Wed, 18 Dec 2024 12:04:21 +0100 From: Robert Clausecker <fuz@fuz.su> To: Kyle Evans <kevans@freebsd.org> Cc: freebsd-arch@freebsd.org Subject: Re: Removing shar(1) Message-ID: <Z2KsNXS8PvQWEpCZ@fuz.su> In-Reply-To: <0d63a94d-2773-4efd-b789-0b753ab38b91@FreeBSD.org> References: <0d63a94d-2773-4efd-b789-0b753ab38b91@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Kyle, With shar no longer being recommended for the submission of new ports, I see no objection to removing this feature. However, tar(1) should keep the functionality. We should consider replacing shar(1) by an implementation that just calls into tar(1) to do its job. Yours, Robert Clausecker Am Tue, Dec 17, 2024 at 08:27:16PM -0600 schrieb Kyle Evans: > Hi, > > I was reminded the other day that shar(1) exists, though it's use is no > longer recommended in ports. The same functionality can be found in tar(1) > instead, so I think we should deorbit /usr/bin/shar and stop promoting it > entirely. sh(1) archives are really problematic from a user standpoint for > at least one reason best explained by the manpage: > > It is easy to insert trojan horses into shar files. It is strongly > recommended that all shell archive files be examined before running > them through sh(1). Archives produced using this implementation of > shar may be easily examined with the command: > > egrep -av '^[X#]' shar.file > > It's hard to advocate for their use in good conscience, much like it's hard > to advocate curl|sh pipes. > > Review: https://reviews.freebsd.org/D48130 > > Thanks, > > Kyle Evans > -- () ascii ribbon campaign - for an encoding-agnostic world /\ - against html email - against proprietary attachments
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Z2KsNXS8PvQWEpCZ>