On Fri, Jan 22, 2021 at 10:00:04PM +0100, René Scharfe wrote: > Adding support for using a custom user and group should be easy. Is > this just a cosmetic thing? Regular users would ignore the user info in > the archive, and root should not be used for extracting, and on systems > that don't have a logwatch user this wouldn't make a difference anyway, > right? Right now, "git archive" operations are bit-for-bit identical across all versions going back at least 8+ years. In fact, we've been relying on this to support bundling tarball signatures with git tags themselves (via git notes). E.g. you can see this in action here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.10.9 If you click on "(sig)", you will download a signature that can be used to verify the tarball generated using "git archive". I would argue that adding user/group support to "git archive" operation is not really solving any problems other than "it's different from when I run it as a regular user" -- and can introduce potential compatibility problems if implemented. So, I would selfishly vote not to implement this. -K
