Ralf Wildenhues wrote: > Hello Alan, Jim, > * Jim Meyering wrote on Sun, Nov 22, 2009 at 04:32:57PM CET: >> Alan Curry wrote: >> > So was the drwxrwxrwx in the tarball put there to teach a lesson to those >> > who trust a tarball to have sane permissions? Or is it a bug? >> >> On one hand, you can also think of it as a LART for >> anyone who builds from source as root ;-) >> >> I think the motivation was to avoid imposing restrictions. With relaxed >> permissions, the umask of the unpacker completely determines the permissions. >> If the distribution-tarball-creator were to choose stricter permissions, >> say prohibiting group/other write access, that would make it harder for >> people who use 002 and want all directories to be group-writable. >> >> That said, I'd have no objection to applying "chmod 755" >> (rather than a+rwx) to the directories that go into the tarball. >> >> FYI, those permissions were set via the Automake-generated "make dist" >> rule, so every automake-using package has created distribution tarballs >> that way for at least 10 years. > > Automake is following the GNU Coding Standards recommendation here, > which lists another reason ((standards.info)Releases): > > Make sure that the directory into which the distribution unpacks (as > well as any subdirectories) are all world-writable (octal mode 777). > This is so that old versions of `tar' which preserve the ownership and > permissions of the files from the tar archive will be able to extract > all the files even if the user is unprivileged. > > Make sure that all the files in the distribution are world-readable.
Thanks, Ralf. Considering that that text is at least 10 years old, I think we can say with confidence that the reason for it (that then-old version of tar) is no longer relevant. I would like to update that part of the GNU Coding Standards. Can anyone think of a reason *not* to revise the GCS to allow or even recommend using more safety-conscious permissions?