Date: Wed, 18 Dec 2024 07:51:50 -0600 From: Kyle Evans <kevans@FreeBSD.org> To: Robert Clausecker <fuz@fuz.su> Cc: freebsd-arch@freebsd.org Subject: Re: Removing shar(1) Message-ID: <d3d0e181-5203-4149-a087-0c9eff1a4e3a@FreeBSD.org> In-Reply-To: <Z2KsNXS8PvQWEpCZ@fuz.su> References: <0d63a94d-2773-4efd-b789-0b753ab38b91@FreeBSD.org> <Z2KsNXS8PvQWEpCZ@fuz.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/18/24 05:04, Robert Clausecker wrote: > Hi Kyle, > > With shar no longer being recommended for the submission of new ports, > I see no objection to removing this feature. However, tar(1) should > keep the functionality. > I make no proposal to remove it from tar- that'd be really annoying after recommending people use tar(1) instead both here and in the patch below. > We should consider replacing shar(1) by an implementation that just calls > into tar(1) to do its job. > Strongly prefer not to if we can avoid it (I'm not seeing any arguments that we really need it to be a first-class citizen); I view that as promoting functionality that we shouldn't be encouraging, along with providing a manpage. > Yours, > Robert Clausecker > > Am Tue, Dec 17, 2024 at 08:27:16PM -0600 schrieb Kyle Evans: >> Hi, >> >> I was reminded the other day that shar(1) exists, though it's use is no >> longer recommended in ports. The same functionality can be found in tar(1) >> instead, so I think we should deorbit /usr/bin/shar and stop promoting it >> entirely. sh(1) archives are really problematic from a user standpoint for >> at least one reason best explained by the manpage: >> >> It is easy to insert trojan horses into shar files. It is strongly >> recommended that all shell archive files be examined before running >> them through sh(1). Archives produced using this implementation of >> shar may be easily examined with the command: >> >> egrep -av '^[X#]' shar.file >> >> It's hard to advocate for their use in good conscience, much like it's hard >> to advocate curl|sh pipes. >> >> Review: https://reviews.freebsd.org/D48130 >> >> Thanks, >> >> Kyle Evans >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d3d0e181-5203-4149-a087-0c9eff1a4e3a>