[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Size matters. 7zip. Again.

John Goerzen a écrit :
On Wed, Feb 15, 2006 at 06:45:21PM +0100, Eduard Bloch wrote:

#include <hallo.h>
* Lars Wirzenius [Wed, Feb 15 2006, 10:42:02AM]:

(Once we use .tar.bz2, the sizes will be even smaller.)

I cannot remember a clear consens from the "Size matters" thread, and
IMO we should go for 7zip at least for source packages.

There are a lot of problems with 7zip.

They continue to fix various segfault bugs.

It is rather windows-centric in its approach in many ways.

They've recently added support for symlinks and file permission bits,
and still don't support storing of uid/gid.  You can probably pretty
much forget storage of hard links and sparse files.

I wouldn't be surprised to find various security bugs that have been
long-since fixed in tar, such as unpacking files with names such as
../../../etc/passwd or whatnot.

You may say that some of these don't matter for source archives.  That
is true to a certain extent, but security does matter there still.

What about using .tar.7z files to fix those problems?

  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

Reply to: