Ciaran McCreesh wrote:
On Thu, 08 May 2008 09:32:34 -0400
Doug Goldstein <[EMAIL PROTECTED]> wrote:
Ciaran McCreesh wrote:
On Thu, 08 May 2008 09:17:08 -0400
Doug Goldstein <[EMAIL PROTECTED]> wrote:
It's troubling to me that projects are using lzma when it's on disk
format isn't even final and the project has security issues.
You mean projects like 'GNU tar'?
As far as I know Ciaran, all GNU projects have switched or are in the
process of switching to lzma over bzip2. I believe the issue in
question which prompted this original e-mail was due to coreutils.
But I could be wrong.
You miss my point. GNU tar sometimes changes its on disk format (and
will be doing so again at some point for xattrs), and it's had security
issues.
Fair enough. However, newer GNU tar's are able to untar the older
formats. If you read the lzma changelogs, it appears to imply that newer
ones won't be able to read older formats. The changelog specifically
states if a user they are handling the issue "gracefully" by telling the
user to upgrade or downgrade their lzma.
--
gentoo-dev@lists.gentoo.org mailing list
