Re: Removing shar(1)
- In reply to: Kyle Evans : "Removing shar(1)"
Date: Wed, 18 Dec 2024 04:57:45 UTC
On 2024-12-18 10:27:16 (+0800), Kyle Evans wrote:
> I was reminded the other day that shar(1) exists, though its use is
> no longer recommended in ports. The same functionality can be found
> in tar(1) instead, so I think we should deorbit /usr/bin/shar and stop
> promoting it entirely. sh(1) archives are really problematic from a
> user standpoint for at least one reason best explained by the manpage:
>
>     It is easy to insert trojan horses into shar files. It is strongly
>     recommended that all shell archive files be examined before running
>     them through sh(1). Archives produced using this implementation of
>     shar may be easily examined with the command:
>
>         egrep -av '^[X#]' shar.file
>
> It's hard to advocate for their use in good conscience, much like it's
> hard to advocate curl|sh pipes.
>
> Review: https://reviews.freebsd.org/D48130

I don't have a strong opinion on shar's existence. We produce rope. If
people want to use it to hang themselves, that's their prerogative.

I don't object to adding a deprecation notice to shar(1) though. If we
hear loud protests during the lifetime of the stable/15 branch, we can
evaluate whether to actually delete before branching stable/16 ... or
kick the can further down the road.

Philip
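The manpage check quoted in the message above, as an added example that is not part of the original thread and is not FreeBSD code: it runs the check over a constructed archive, then goes one step further and prints only the surviving lines that are not ordinary unpacking commands. The function names, the list of accepted command shapes, the safe-filename rule and the sample archive are all assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not FreeBSD code): review a shar file before sh(1) sees it.

# The manpage's check; grep -E is the current spelling of egrep.
shar_commands() { grep -Eav '^[X#]' "$1"; }

# Assumption: names made of [A-Za-z0-9._/-], relative, without "..".
safe_name() {
    case $1 in
        ''|/*|*..*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# Print every command line that is not one of the shapes a plain archive
# needs (assumed: echo x/c, mkdir -p, sed into a here-document, exit).
shar_unexpected() {
    delim=
    shar_commands "$1" | while IFS= read -r line; do
        case $line in
            ''|exit) continue ;;
            "$delim") delim=; continue ;;   # here-document terminator
            "echo x - "*|"echo c - "*)
                safe_name "${line#echo ? - }" && continue ;;
            "mkdir -p "*" > /dev/null 2>&1")
                name=${line#mkdir -p }; name=${name%" > /dev/null 2>&1"}
                safe_name "$name" && continue ;;
            "sed 's/^X//' >"*" << '"*"'")
                rest=${line#"sed 's/^X//' >"}
                delim=${rest##*" << '"}; delim=${delim%"'"}
                name=${rest%%" << "*}
                safe_name "$name" && continue ;;
        esac
        printf '%s\n' "$line"              # needs a human look
    done
}

# Constructed sample archive with two lines a reviewer should stop at.
make_sample() {
    cat > "$1" << 'EOF'
# This is a shell archive.
echo x - hello.txt
sed 's/^X//' >hello.txt << 'END-hello'
Xhello
END-hello
touch injected-marker
sed 's/^X//' >../outside.txt << 'END-2'
Xdata
END-2
exit
EOF
}

f=$(mktemp) && make_sample "$f" && shar_unexpected "$f"; rm -f "$f"
```

An empty result from `shar_unexpected` only means nothing fell outside the assumed shapes; it does not replace reading the output of `shar_commands`.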