On Mon, Oct 20, 2014 at 08:25:59AM -0700, Linus Torvalds wrote:
> Junio, Brian,
>
> it seems that the stability of the "git tar" output is broken.

It doesn't appear that the stability of git archive --format=tar is documented anywhere. Given that, it doesn't seem reasonable to expect that any tar implementation produces bit-for-bit compatible output between versions. After all, look at all the contortions that Debian has had to go through to keep pristine-tar working.

> Junio, quite frankly, I don't think that that fix was a good idea. I'd
> suggest having a *separate* umask for the pax headers, so that we do
> not break this long-lasting stability of "git archive" output in ways
> that are unfixable and not compatible. kernel.org has relied (for a
> *long* time) on being able to just upload the signature of the
> resulting tar-file, because both sides can generate the same tar-file
> bit-for-bit.

It sounds like kernel.org has a bug, then. Perhaps that's the appropriate place to fix the issue.

The issue I fixed is that leaving world-writable files around on disk is a great way for people to cause mischief (for example, by filling up other users' quotas), and some tar implementations and all Linux pax implementations extract the pax headers into the working directory, and that's often /tmp.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
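The two points argued in this thread, as an added example that is not part of the original message or of git's code: the mode bits of the pax header entry are part of the archive bytes, so changing them changes any digest or signature taken over the tarball, and a receiver can scan an archive for pax header entries that would be extracted world-writable. The archive is constructed inside the script; the modes 0666 and 0664 and the all-zero commit id are assumed sample values.

```python
import hashlib

BLOCK = 512  # tar block size

def header(name: bytes, mode: int, size: int, typeflag: bytes) -> bytes:
    """Build one ustar header block (constructed sample data)."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[100:108] = b"%07o\0" % mode
    h[108:116] = b"%07o\0" % 0                    # uid
    h[116:124] = b"%07o\0" % 0                    # gid
    h[124:136] = b"%011o\0" % size
    h[136:148] = b"%011o\0" % 0                   # mtime fixed at 0
    h[148:156] = b" " * 8                         # checksum field is summed as spaces
    h[156:157] = typeflag
    h[257:265] = b"ustar\x0000"                   # magic + version
    h[148:156] = b"%06o\0 " % sum(h)
    return bytes(h)

def build_archive(pax_mode: int) -> bytes:
    """Tiny archive: a pax global header entry plus one empty file."""
    record = b"52 comment=" + b"0" * 40 + b"\n"   # placeholder commit id
    body = record.ljust(BLOCK, b"\0")
    return (header(b"pax_global_header", pax_mode, len(record), b"g") + body
            + header(b"README", 0o644, 0, b"0") + bytes(2 * BLOCK))

def world_writable_pax_headers(archive: bytes):
    """Return (name, mode) for each pax header entry (typeflag g/x) with o+w set."""
    hits, off = [], 0
    while off + BLOCK <= len(archive):
        h = archive[off:off + BLOCK]
        if h == bytes(BLOCK):                     # end-of-archive marker
            break
        name = h[0:100].split(b"\0", 1)[0].decode()
        mode = int(h[100:108].strip(b"\0 ") or b"0", 8)
        size = int(h[124:136].strip(b"\0 ") or b"0", 8)
        if h[156:157] in (b"g", b"x") and mode & 0o002:
            hits.append((name, oct(mode)))
        off += BLOCK + -(-size // BLOCK) * BLOCK  # header + padded payload
    return hits

def digest(archive: bytes) -> str:
    return hashlib.sha256(archive).hexdigest()

if __name__ == "__main__":
    for mode in (0o666, 0o664):                   # assumed: before / after a 002 umask
        a = build_archive(mode)
        print(oct(mode), digest(a)[:16], world_writable_pax_headers(a))
```
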