[rtmpdump] tarbomb

Jeremy Visser jeremy at visser.name
Thu Feb 25 13:42:39 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G'day,

It seems the rtmpdump-2.1d.tar.gz tarball is in effect a tarbomb. What I
mean by that is if you extract the tarball, it will litter the files all
over the current directory. It's sometimes quite hard to clean up
afterwards, especially if it overwrote some of my valuable files, such
as the Makefile or README file.

$ tar -tvf rtmpdump-2.1d.tar.gz | head -n 5
-rwxrwxrwx 0/0           23871 2010-02-21 13:47 amf.c
-rwxrwxrwx 0/0            5380 2009-12-31 16:33 amf.h
-rwxrwxrwx 0/0            2959 2010-02-21 13:47 bytes.h
-rwxrwxrwx 0/0            6812 2010-02-21 13:47 ChangeLog
-rwxrwxrwx 0/0           17987 2009-12-31 16:33 COPYING

It is common etiquette to produce tarballs that have one (and only one)
directory inside them, in the format $project-$version. And if a really
picky person wants to extract the files into the current directory, they
can specify "--strip-components=1" as an argument to tar.

Regards,
Jeremy.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuGcDkACgkQvs6Qqs8TxBqryQCfVgRyZOFohnuV9LOHlEOgumWP
V/cAoKIt27JCvbFQ8r/0Kdp2IxfZPGP2
=Nwyz
-----END PGP SIGNATURE-----
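
Added example, not part of the original post or of rtmpdump: a Python check that inspects an archive before extraction for the layout described above (no single top-level directory), the world-writable modes visible in the listing, and files in the destination that extraction would overwrite. It also flags absolute and `..` member paths, which goes beyond the post; `audit_tarball` and `make_sample` are names assumed here, and the sample archive is constructed to mirror the listing.

```python
import io
import os
import tarfile
from pathlib import PurePosixPath

def audit_tarball(data: bytes, dest: str = ".") -> dict:
    """Inspect a tar archive in memory without extracting anything."""
    roots, loose, unsafe, writable, clobbers = set(), [], [], [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            path = PurePosixPath(m.name)      # drops a leading "./"
            parts = path.parts
            if not parts:                     # bare "." entry
                continue
            if path.is_absolute() or ".." in parts:
                unsafe.append(m.name)         # would land outside dest
                continue
            roots.add(parts[0])
            if len(parts) == 1 and not m.isdir():
                loose.append(m.name)          # file at the archive top level
            if m.mode & 0o002 and not m.issym():
                writable.append(m.name)       # "other" write bit set
            if not m.isdir() and os.path.lexists(os.path.join(dest, *parts)):
                clobbers.append(m.name)       # existing file would be replaced
    return {
        "tarbomb": len(roots) != 1 or bool(loose),
        "roots": sorted(roots),
        "unsafe_paths": unsafe,
        "world_writable": writable,
        "would_overwrite": clobbers,
    }

def make_sample(prefix: str = "") -> bytes:
    """Constructed sample: same names, mode and owner as the listing above."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("amf.c", "amf.h", "bytes.h", "ChangeLog", "COPYING"):
            info = tarfile.TarInfo(prefix + name)
            info.mode, info.uid, info.gid, info.size = 0o777, 0, 0, 4
            tar.addfile(info, io.BytesIO(b"demo"))
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_tarball(make_sample()))                  # flat layout
    print(audit_tarball(make_sample("rtmpdump-2.1d/")))  # one top-level dir
```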

