On Tue, Aug 28, 2007 at 05:26:09PM -0400, Joey Hess wrote:
> This thread has concentrated on fixing packages, but I would appreciate
> a little insight into why someone might set TAPE in their environment by
> default. Surely if you set it by default, you must realse that you're
> asking any such invocation of tar to write over your tape? Why would
> anyone do that? It's not as if Debian packages are the only software
> that might run tar without -f, so even if they were all fixed, setting
> TAPE by default would be an incredibly risky thing to do.
Further highlighted, is that the tape device would need to be
writeable by the account being used to rebuild a package. I've never
seen anyone suggest that rebuilding a package as root is a good
idea (which would extend, in my opinion, to building with an account
which has privileged access to overwrite something critical like a
raw block device). Alternately, making your /dev/rst0 or whatever
world-writeable is similarly dangerous territory in my opinion.
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]);
MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); }
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
