Re: tar alternative

[Tim <tim-security () sentinelchicken org>]

> cpio ?
>
> It does the job of both tar and gzip. Try an :-
>
>       info cpio

I am familiar with cpio, but as I said, I was hoping for a format that
does not contain usernames and other metainformation that is not
necessary for software distribution.  I believe cpio is meant for
backups is it not?  I don't believe a format meant for backups is a
great thing to use for software distribution.


> As for the Linux Kernel archives, I do not really think there is enough 
> justification for a change in distribution format.

Right, well I did take the thread my own way, and am posing this as a
more general question on software distribution.  Certainly I don't know
of another format at this point that would be a better way to distribute
it, and the original poster's concerns probably don't have a major
impact on most people.


> Most kernel coders either use non root account for untar'ing and making 
> the kernel and do a 'sudo make install' anyway.

Well, the whole idea that having to use a non-root account to unpack
some files has always been rediculous to me.  Sure, given the way tar
behaves, it is insane not to, but for a software distribution tool,
making this a requirement is pretty lame.  Changing tar's behavior to be
safer is possible, but would likely degrade the ability of tar to be a
good backup tool.  The use cases for each type of tool are simply
different.

thanks for your response,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/