On 4/11/2014 1:41 AM, Ben Boeckel wrote:
On Thu, Apr 10, 2014 at 18:42:14 -0400, Nick Sabalausky wrote:
Creating a subdirectory with the same name as the archive is the job
of an extracting tool. Archives with a redundant internal directory
Maybe in a perfect world. We do not live in such a place (especially
since tools don't flag 'tarbombs' as anything different). Either way,
get a flag added to tar for such a thing and maybe folks wouldn't care
so much about tarbombs anymore.
It's just that...It never made any sense to me whatsoever that an
archive extractor should *EVER* fail to implicitly create a same-named
directory for all the archive's contents - except when the user
*specifically* says not to.
The convention of expecting *people* (or even archivers for that matter)
to always stick a redundant dummy directory into their archives (and,
naturally, to keep its name reasonably in sync with the archive's
filename - which rules out automatically handling the matter on the
archiver's end) is guaranteed to be error-prone. And yet, AFAICS, it
exists *purely* as a workaround for extractors failing to, by default,
do the *only* thing that really makes sense as a default in the first place.
Illustrating this, here's how I have my system working: I only ever use
the "extract to a new same-named directory" feature of an extractor (in
my case, that's generally WinRAR's or 7-Zip's Explorer shell
integration). The only exception is the *rare* special-case where an
archive is intended to be extracted overtop a specific existing
directory - and even that's a questionable practice anyway. Whenever
possible, I avoid extractors that don't have this "to a new same-named
What that means is I'm guaranteed to *never* have archives clobber, or
spew files into, the wrong directory. And yet I get that *without*
relying on a human convention that will *never* reliably reach a 100%
adoption rate anyway.
The only downside I face is that extracting archives from those trying
to workaround ill-behaved extractors results in an extra superfluous
directory. An annoyance (well, a pet-peeve TBH), but clearly not
anywhere near as bad.
I just don't see how it could *possibly* make any sense to NOT do it
Well, that's my rant about it, anyway. ;)