[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] --rsh-command default

From: Solar Designer
Subject: Re: [Bug-tar] --rsh-command default
Date: Fri, 19 Mar 2010 12:56:08 +0300
User-agent: Mutt/

Thank you for your prompt response.

On Fri, Mar 19, 2010 at 11:43:30AM +0200, Sergey Poznyakoff wrote:
> Solar Designer <address@hidden> ha escrit:
> > In light of CVE-2010-0624, I'd like to propose a change of default for
> > tar.  Specifically, how about changing the --rsh-command option to have
> > no default?
> No, I don't think that encountering a bug should lead to disabling
> the piece of functionality that exhibited it. 

Not exactly "disabling", but "changing the default to a safer one".
Those who need the functionality will be able to continue using it.
In fact, many of them won't even have to make any changes (if they were
already passing the option, which was a smart thing for them to do).

As to the specific bug, to me it was just a reminder of the design
error and the unsafe default.  Let's at least correct the latter.

That said, I appreciate and respect your opinion.  Thanks again!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]