Hi! I don't know if I really understand the entire "world-writable files" security hole.
Anyway, I think the average CPAN author doesn't really know or care about that, sadly. See also: http://use.perl.org/~cosimo/journal/37554 I'd really prefer not having to change my tar command on every system I use. Hence the EU::MM patch. I'm almost totally ignorant about EU::MM. The patch is against trunk, and a `make dist' now works for me on Linux (5.8.8) and Windows Vista (5.10.0). The dists built have the "correct" permissions. I tried to keep the `--mode' option inside $(TARFLAGS), but it seems that gnu tar doesn't like the following: $ tar --mode=0755 cvf blah.tar somedir $ tar c --mode=0755 vf blah.tar somedir and will only accept: $ tar cvf blah.tar --mode=0755 somedir Could this work? -- Cosimo
eumm_world_writable.patch
Description: Binary data
