On 12/08/13 01:25 PM, Paul Eggert wrote: > I'm still not sold on this idea; I think it's too "intelligent", > the documentation is hard to understand, and it'll be hard to > explain to users. > > Could someone please explain why the '-k' option (which already > exists) doesn't solve the problem? Perhaps we can build on -k.
When extracting a tarbomb, I guess it helps to use the -k option so that no file is overwritten. However, that is not the main annoyance. Simply having 10 extra loose files in the working directory is. The user typically has to move them into a subdirectory one by one if the filesystem is to stay organized. The patch (1) detects if the file being extracted is a tarbomb and (2) handles it gracefully if it is. If instead of (2) tar simply quit with an error, I would also be somewhat happy because I don't encounter tarbombs very often. This could be handled without adding a new option if -k became "don't replace existing files or create more than one file at the top level when extracting, treat them as errors". So -k would become a broader kind of "play it safe while extracting" option.
signature.asc
Description: OpenPGP digital signature
