Hello Alan, Jim,

* Jim Meyering wrote on Sun, Nov 22, 2009 at 04:32:57PM CET:
> Alan Curry wrote:
> > So was the drwxrwxrwx in the tarball put there to teach a lesson to those
> > who trust a tarball to have sane permissions? Or is it a bug?
> On one hand, you can also think of it as a LART for
> anyone who builds from source as root  ;-)
> I think the motivation was to avoid imposing restrictions.  With relaxed
> permissions, the umask of the unpacker completely determines the permissions.
> If the distribution-tarball-creator were to choose stricter permissions,
> say prohibiting group/other write access, that would make it harder for
> people who use 002 and want all directories to be group-writable.
> That said, I'd have no objection to applying "chmod 755"
> (rather than a+rwx) to the directories that go into the tarball.
> FYI, those permissions were set via the Automake-generated "make dist"
> rule, so every automake-using package has created distribution tarballs
> that way for at least 10 years.

Automake is following the GNU Coding Standards recommendation here,
which lists another reason ((standards.info)Releases):

     Make sure that the directory into which the distribution unpacks (as
  well as any subdirectories) are all world-writable (octal mode 777).
  This is so that old versions of `tar' which preserve the ownership and
  permissions of the files from the tar archive will be able to extract
  all the files even if the user is unprivileged.

     Make sure that all the files in the distribution are world-readable.


Reply via email to