Thank you for your prompt response. On Fri, Mar 19, 2010 at 11:43:30AM +0200, Sergey Poznyakoff wrote: > Solar Designer <[email protected]> ha escrit: > > > In light of CVE-2010-0624, I'd like to propose a change of default for > > tar. Specifically, how about changing the --rsh-command option to have > > no default? > > No, I don't think that encountering a bug should lead to disabling > the piece of functionality that exhibited it.
Not exactly "disabling", but "changing the default to a safer one". Those who need the functionality will be able to continue using it. In fact, many of them won't even have to make any changes (if they were already passing the option, which was a smart thing for them to do). As to the specific bug, to me it was just a reminder of the design error and the unsafe default. Let's at least correct the latter. That said, I appreciate and respect your opinion. Thanks again! Alexander
