Hi there,
Thanks for your interest. I recommend checking out a copy of the svn wiki repo
and using chicken-doc-admin to import it, instead of using the tarball. For
details see the Quick Start section in
https://api.call-cc.org/5/doc/chicken-doc-admin.
Or, extract the tarball somewhere in
For a proper fix, could chicken-doc be modified to download the tar
file, sanity-check its contents, and unpack it safely into the user's
home directory instead?
Alternatively, if the documentation is shipped in some kind of file
format with an index for fast lookup, it doesn't need to be
Currently https://wiki.call-cc.org/eggref/5/chicken-doc instructs users
to run:
curl https://3e8.org/pub/chicken-doc/chicken-doc-repo-5.tgz | sudo tar zx
in a directory that's often located within /usr. This is not ideal from
a security perspective, especially given that that the remote file
