minitar-cli aims to be secure by default. The supported commands (create,
list, and extract) accept input from standard input (when provided -) or a
filename, where the string provided is treated as a filename.
For security issues arising from the contents of a tarball should be reported for minitar.
Security reports are accepted only for the most recent major release. As of December 2024, that is the 1.0 release series. Older releases are no longer supported.
By preference, use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Alternatively, Send an email to minitar@halostatue.ca with the text
Minitar in the subject. Emails sent to this address should be encrypted using
age with the following public key:
age1fc6ngxmn02m62fej5cl30lrvwmxn4k3q2atqu53aatekmnqfwumqj4g93w