On 04/22/2012 04:54 AM, Joerg Schilling wrote:
> libfind is in use since 6 years in OSS
> projects and nobody did so far complain

GNU tar has been in use far longer than that, and nobody ever complained about its security holes in this area, before I fixed them. That's a problem with security holes: the people most likely to find them are the people least likely to complain about them.
