[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: permissions of files in dist tarball
From: |
Jim Meyering |
Subject: |
Re: permissions of files in dist tarball |
Date: |
Wed, 25 Nov 2009 21:15:45 +0100 |
Ralf Wildenhues wrote:
> Hello Alan, Jim,
> * Jim Meyering wrote on Sun, Nov 22, 2009 at 04:32:57PM CET:
>> Alan Curry wrote:
>> > So was the drwxrwxrwx in the tarball put there to teach a lesson to those
>> > who trust a tarball to have sane permissions? Or is it a bug?
>>
>> On one hand, you can also think of it as a LART for
>> anyone who builds from source as root ;-)
>>
>> I think the motivation was to avoid imposing restrictions. With relaxed
>> permissions, the umask of the unpacker completely determines the permissions.
>> If the distribution-tarball-creator were to choose stricter permissions,
>> say prohibiting group/other write access, that would make it harder for
>> people who use 002 and want all directories to be group-writable.
>>
>> That said, I'd have no objection to applying "chmod 755"
>> (rather than a+rwx) to the directories that go into the tarball.
>>
>> FYI, those permissions were set via the Automake-generated "make dist"
>> rule, so every automake-using package has created distribution tarballs
>> that way for at least 10 years.
>
> Automake is following the GNU Coding Standards recommendation here,
> which lists another reason ((standards.info)Releases):
>
> Make sure that the directory into which the distribution unpacks (as
> well as any subdirectories) are all world-writable (octal mode 777).
> This is so that old versions of `tar' which preserve the ownership and
> permissions of the files from the tar archive will be able to extract
> all the files even if the user is unprivileged.
>
> Make sure that all the files in the distribution are world-readable.
Thanks, Ralf.
Considering that that text is at least 10 years old, I think
we can say with confidence that the reason for it (that then-old
version of tar) is no longer relevant. I would like to update
that part of the GNU Coding Standards.
Can anyone think of a reason *not* to revise the GCS to allow
or even recommend using more safety-conscious permissions?
- Re: stable coreutils-8.1 today, fingers crossed, (continued)
- Re: stable coreutils-8.1 today, fingers crossed, Pádraig Brady, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Gilles Espinasse, 2009/11/21
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/21
- Re: stable coreutils-8.1 today, fingers crossed, Gilles Espinasse, 2009/11/21
- Re: stable coreutils-8.1 today, fingers crossed, Gilles Espinasse, 2009/11/22
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/22
- Re: stable coreutils-8.1 today, fingers crossed, Alan Curry, 2009/11/22
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/22
- permissions of files in dist tarball (was: stable coreutils-8.1 today, fingers crossed), Ralf Wildenhues, 2009/11/24
- Re: permissions of files in dist tarball,
Jim Meyering <=
- Re: permissions of files in dist tarball, Ralf Wildenhues, 2009/11/27
- Re: stable coreutils-8.1 today, fingers crossed, Eric Blake, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/20
- Re: stable coreutils-8.1 today, fingers crossed, Andreas Schwab, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Andreas Schwab, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Bauke Jan Douma, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Jim Meyering, 2009/11/19
- Re: stable coreutils-8.1 today, fingers crossed, Andreas Schwab, 2009/11/22