Job Snijders <job@bsd.nl> wrote:

> On Wed, May 13, 2026 at 08:50:08AM -0600, Theo de Raadt wrote:
> > > I think it is helpful to only consider CA material that can fit in
> > > USTAR archives and reject exogenous names. If 99 characters isn't
> > 
> > I believe we were the last ones to update tar to be more modern.
> > Didn't everyone else fix it first?
> > 
> > So is this a real problem?
> 
> Funny enough, the 'pax' utility on Debian is not yet modern.
> 
> Secondly, for maximum portability, I'd like rpkiviews.org archives to
> fit ustar format and just avoid Pax Extended Headers / GNU Extensions
> all together if possible.
> 
> I also don't see an advantage to permitting extremely long (megabytes)
> filename strings and then fail later on when things couldn't fit
> the filesystem.
> 
> The concept of a length limit seems useful, and the ustar-derived length
> limit a good common denominator.


I suspect most limited-length pax will skip files, print a warning for
each file, and carry on.  (That is how our code used to behave).

Now, you want rpki-client to skip files, print a warning, and carry on.

In either case, the files are skipped.

I don't understand the difference.