On Fri, Jan 22 2021, Konstantin Ryabitsev wrote: > On Fri, Jan 22, 2021 at 10:00:04PM +0100, René Scharfe wrote: >> Adding support for using a custom user and group should be easy. Is >> this just a cosmetic thing? Regular users would ignore the user info in >> the archive, and root should not be used for extracting, and on systems >> that don't have a logwatch user this wouldn't make a difference anyway, >> right? > > Right now, "git archive" operations are bit-for-bit identical across all > versions going back at least 8+ years. In fact, we've been relying on this to > support bundling tarball signatures with git tags themselves (via git notes). > E.g. you can see this in action here: > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.10.9 > > If you click on "(sig)", you will download a signature that can be used to > verify the tarball generated using "git archive". > > I would argue that adding user/group support to "git archive" operation is > not really solving any problems other than "it's different from when I run it > as a regular user" -- and can introduce potential compatibility problems if > implemented. > > So, I would selfishly vote not to implement this. It seems "logwatch" has the same situation, except their backwards compatibility is with non-"git archive" tool that used user != root. If it solves a problem for some users and someone comes up with a patch I don't see why it shouldn't be implemented, but I think it's important that "root" is the default unless configured or the relevant option is invoked. Or do you mean that the kernel.org use-case is that users are expected to run "git archive" on their own machines and upload the result to kernel.org, and that kernel.org relies on two such files bit-for-bit identical?
