Is this really an issue? Its true that tar will extract the files as group-writeable if your umask allows it. But the gid is going to be your primary group. It would be decidedly weird if there are untrusted users in your own primary group.
On Wednesday, January 8, 2014 8:15:56 AM UTC-5, Jeroen Demeyer wrote: > > Most files in the source tarball > > > http://boxen.math.washington.edu/home/release/sage-6.1.beta4/sage-6.1.beta4.tar.gz > > > are group-writable. This can be dangerous, since tar extracts permissions. > -- You received this message because you are subscribed to the Google Groups "sage-release" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-release+unsubscr...@googlegroups.com. To post to this group, send email to sage-release@googlegroups.com. Visit this group at http://groups.google.com/group/sage-release. For more options, visit https://groups.google.com/groups/opt_out.
