[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: many packages FTBFS, if $TAPE is set

On Tue, Aug 28, 2007 at 05:26:09PM -0400, Joey Hess wrote:
> This thread has concentrated on fixing packages, but I would appreciate
> a little insight into why someone might set TAPE in their environment by
> default. Surely if you set it by default, you must realse that you're
> asking any such invocation of tar to write over your tape? Why would
> anyone do that? It's not as if Debian packages are the only software
> that might run tar without -f, so even if they were all fixed, setting
> TAPE by default would be an incredibly risky thing to do.

Further highlighted, is that the tape device would need to be
writeable by the account being used to rebuild a package. I've never
seen anyone suggest that rebuilding a package as root is a good
idea (which would extend, in my opinion, to building with an account
which has privileged access to overwrite something critical like a
raw block device). Alternately, making your /dev/rst0 or whatever
world-writeable is similarly dangerous territory in my opinion.
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
Reply to: