Job Snijders <job@bsd.nl> wrote:

> On Wed, May 13, 2026 at 09:01:11AM -0600, Theo de Raadt wrote:
> > I suspect most limited-length pax will skip files, print a warning for
> > each file, and carry on.  (That is how our code used to behave).
> 
> Debian pax just exits with an error.
> 
> > Now, you want rpki-client to skip files, print a warning, and carry on.
> > 
> > In either case, the files are skipped.
> > 
> > I don't understand the difference.
> 
> I think it is good to encourage sane RPKI CA behaviour by imposing
> restrictions in rpki-client.
> 
> For the first time since I started recording history for this (1/1/2026)
> there is a CA (which is only 2 days old) that chooses to use 100+
> character long filenames for their ROA. This is because they encode
> the full ROA payload as hexadecimals in the filename. ROA filenames
> should be fixed-length opaque identifiers. The 'payload as the filename'
> scheme does not align with documented best current practices and wastes
> resources.
> 
> Best to nip this in the bud and disallow it.

You could limit filenames inside a directory to 14 characters, to satisfy
all Unix variants.

I think you are upset about long paths for other reasons, and have hunted
for a justification.