Re: git: f68ee0e7a1e8 - main - shar: add a deprecation notice

Wed, 01 Jan 2025 19:12:31 -0800 

On 1/1/25 20:53, Cy Schubert wrote:

In message <202501020215.5022feqp042...@gitrepo.freebsd.org>, Kyle Evans
writes
:

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=f68ee0e7a1e8732f725cad4ac708ec49
093782d4

commit f68ee0e7a1e8732f725cad4ac708ec49093782d4
Author:     Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-01-02 02:15:36 +0000
Commit:     Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-01-02 02:15:36 +0000

     shar: add a deprecation notice
The shar(1) program is simple, but the fundamental idea of a sh archive 
     is risky at best and one that we probably shouldn't be promoting as
     prominently as a program in $PATH and a manpage.  Let's deprecate and
     remove it, since the same functionality can easily be found in
     tar(1) instead.
Reviewed by: emaste, philip 
     Reviewed by:    allanjude, brooks, delphij, des, imp, rpokala (previous)
     MFC after:      3 days
     Differential Revision:  https://reviews.freebsd.org/D48130
---
  usr.bin/shar/shar.1 | 14 +++++++++++++-
  1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/usr.bin/shar/shar.1 b/usr.bin/shar/shar.1
index 903f937491dc..df97021b1bba 100644
--- a/usr.bin/shar/shar.1
+++ b/usr.bin/shar/shar.1
@@ -25,12 +25,24 @@
  .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  .\" SUCH DAMAGE.
  .\"
-.Dd January 31, 2019
+.Dd January 1, 2025
  .Dt SHAR 1
  .Os
  .Sh NAME
  .Nm shar
  .Nd create a shell archive of files
+.Sh DEPRECATION NOTICE
+.Nm
+is obsolete and may not be present in
+.Fx 15
+and later.
+Because shell archives are simultaneously data and code and are typically
+interpreted by
+.Xr sh 1 ,
+they can easily be trojan-horsed and pose a significant security risk to use
rs.
+The
+.Xr tar 1
+utility can still produce shar encodings of files if needed.
  .Sh SYNOPSIS
  .Nm
  .Ar



We should probably point to the new port or the GNU variant in ports.
Oh, sorry, I didn't realize you had gone ahead with the port. I wouldn't normally recommend a GNU variant, would you be OK with something like: 

diff --git a/usr.bin/shar/shar.1 b/usr.bin/shar/shar.1
index df97021b1bba..6beb1e84ceab 100644
--- a/usr.bin/shar/shar.1
+++ b/usr.bin/shar/shar.1
@@ -43,6 +43,11 @@ they can easily be trojan-horsed and pose a significant security risk to users. 
 The
 .Xr tar 1
 utility can still produce shar encodings of files if needed.
+The
+.Pa sysutils/freebsd-shar
+port has been created to maintain this version of
+.Nm
+past its deprecation in base.
 .Sh SYNOPSIS
 .Nm
 .Ar

?

Thanks,

Kyle Evans

Reply via email to