On Mon, 2018-11-26 at 20:17 +0100, Ulrich Mueller wrote: > > > > > > On Mon, 26 Nov 2018, Michał Górny wrote: > > Specification > > ============= > > The container format > > -------------------- > > The gpkg package container is an uncompressed .tar achive whose filename > > should use ``.gpkg.tar`` suffix. This archive contains the following > > members, all placed in a single directory whose name matches > > the basename of the package file, in order: > > I see no value in adding another directory indirection, and it will add > more overhead.
Tar bomb is not a good design. Given tar padding, there will be no overhead unless the full path exceeds ustar limits which is unlikely. > Also, AFAICS the tar|tar pipeline that you previously > suggested won't work any more (or would at least require additional > arguments). I'm pretty sure the tar pipeline was actually written with account for the directory. > > > 1. The package identifier file ``gpkg-1.txt`` (required). > > [...] > > The implementations must include a package identifier file named > > ``gpkg-1.txt``. The filename includes package format version; > > implementations should reject packages which do not contain this file > > as unsupported format. > > The file can have any contents. Normally, it should be empty. > > If the file is empty, why is it named gpkg-1.txt (instead of just > gpkg-1)? > *shrug*. I can make it 'gpkg-1' or 'gpkg.1' or whatever you want ;-). -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
