On Mon, 2006-05-29 at 14:56 +0200, Johannes Winkelmann wrote:
What's the upstream status of this? If there's no chance this patch ever gets accepted, I'd vote to revert it. It's an unnatural choice for CRUX to ship modified core utilities, especially since it's easy enough to create an alias, use a modified port
I agree, but when it comes to security, behaving like upstream does comes in second.
or - in this particular case - do as the kernel guys say and uncompress/compile the kernel as non-root user.
Mind you, this applies to all tarballs, not only the ones from kernel.org. If this is reverted, at least pkgmk should use --no-same-permissions --no-same-owner when extracing sources. Also, if it's that insane to extract and compile as root, why is it still the official way to build all software on CRUX? ;)
However, if this is going to be integrated by the GNU tar devs at some point in time, I think it's valid to keep it in. So what's the status here?
I personally doubt it, they probably consider it a feature over a bug (since the default is to not retain permissions, the insane behaviour is only applied if you run tar as root.)