Re: Removing shar(1)

On 12/18/24 05:04, Robert Clausecker wrote:
> Hi Kyle,
> 
> With shar no longer being recommended for the submission of new ports,
> I see no objection to removing this feature.  However, tar(1) should
> keep the functionality.
> 

I make no proposal to remove it from tar- that'd be really annoying 
after recommending people use tar(1) instead both here and in the patch 
below.

> We should consider replacing shar(1) by an implementation that just calls
> into tar(1) to do its job.
> 

Strongly prefer not to if we can avoid it (I'm not seeing any arguments 
that we really need it to be a first-class citizen); I view that as 
promoting functionality that we shouldn't be encouraging, along with 
providing a manpage.

> Yours,
> Robert Clausecker
> 
> Am Tue, Dec 17, 2024 at 08:27:16PM -0600 schrieb Kyle Evans:
>> Hi,
>>
>> I was reminded the other day that shar(1) exists, though it's use is no
>> longer recommended in ports.  The same functionality can be found in tar(1)
>> instead, so I think we should deorbit /usr/bin/shar and stop promoting it
>> entirely.  sh(1) archives are really problematic from a user standpoint for
>> at least one reason best explained by the manpage:
>>
>>   It is easy to insert trojan horses into shar files.  It is strongly
>>   recommended that all shell archive files be examined before running
>>   them through sh(1).  Archives produced using this implementation of
>>   shar may be easily examined with the command:
>>
>>        egrep -av '^[X#]' shar.file
>>
>> It's hard to advocate for their use in good conscience, much like it's hard
>> to advocate curl|sh pipes.
>>
>> Review: https://reviews.freebsd.org/D48130
>>
>> Thanks,
>>
>> Kyle Evans
>>
>