hyphacoop / api.distributed.press

https://distributed.press
GNU Affero General Public License v3.0
Update README with related projects and improve tar cmd #5

Closed benhylau closed 3 years ago

benhylau commented 3 years ago

@fauno how does this look?

@YurkoWasHere I am targeting your branch since you're changing README.

fauno commented 3 years ago

+1! thanks!

it's weird about --no-same-permissions that tar's manual says it's default for non-root users. my umask is 0027 and i had to change it to 0022 before site generation or chmod -R o=g _site/ after (so files are 644 instead of 640) before distributed press' server would serve files instead of showing a 403 error.

YurkoWasHere commented 3 years ago

> +1! thanks!
>
> it's weird about --no-same-permissions that tar's manual says it's default for non-root users. my umask is 0027 and i had to change it to 0022 before site generation or chmod -R o=g _site/ after (so files are 644 instead of 640) before distributed press' server would serve files instead of showing a 403 error.

Just flagging that no-same-permissions is an extract parameter not a create.

chmod ahead of time is a possibility, but i think some care needs to be taken on extract to make sure they are chmod/chowned correctly.

fauno commented 3 years ago

> Just flagging that no-same-permissions is an extract parameter not a create.

yes! it should be added on the API extraction process :)

> chmod ahead of time is a possibility, but i think some care needs to be taken on extract to make sure they are chmod/chowned correctly.

+1

benhylau commented 3 years ago

We use tar-fs here and I think we can add:

{
  dmode: parseInt(755, 8),
  fmode: parseInt(644, 8)
}

according to these docs.

fauno commented 3 years ago

> according to these docs.

just below that it mentions the readable and dereference flags too! :)

benhylau commented 3 years ago

Cool, missed that. So I guess...

{
  dereference: true,
  readable: true,
  writable: false
}

We'll still need the dereference flag at create bc if someone symlinks something outside of the zip, we want the local to include it. This guards against symlinking to our host without having to trust the client though.

YurkoWasHere commented 3 years ago

Good to have two levels of "protection"! +1
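
An added example, not part of this thread or of the project's code: a post-extraction check using only Node's standard library that applies the modes discussed above (755 for directories, 644 for files) and removes symlinks that resolve outside the extracted site. The names `normalizeTree` and `demo`, and the sample tree, are assumptions constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

const DIR_MODE = 0o755;  // directories: readable and traversable by the web server
const FILE_MODE = 0o644; // files: 644 instead of the 640 that caused the 403
// Walk an extracted tree without following symlinks. Fix modes, and remove any
// symlink whose target is dangling or resolves outside the tree root.
function normalizeTree(root) {
  const realRoot = fs.realpathSync(root);
  const report = { chmodded: [], removedLinks: [] };
  const walk = (dir) => {
    for (const name of fs.readdirSync(dir)) {
      const p = path.join(dir, name);
      const st = fs.lstatSync(p); // lstat: inspect the link itself, not its target
      if (st.isSymbolicLink()) {
        let target = null;
        try { target = fs.realpathSync(p); } catch (e) { /* dangling link */ }
        const inside = target !== null &&
          (target === realRoot || target.startsWith(realRoot + path.sep));
        if (!inside) {
          fs.unlinkSync(p);
          report.removedLinks.push(path.relative(realRoot, p));
        }
        continue;
      }
      const want = st.isDirectory() ? DIR_MODE : FILE_MODE;
      if ((st.mode & 0o777) !== want) {
        fs.chmodSync(p, want); // chmod before descending so the dir is readable
        report.chmodded.push(path.relative(realRoot, p));
      }
      if (st.isDirectory()) walk(p);
    }
  };
  walk(realRoot);
  return report;
}

// Constructed sample tree: a 640 file, a 750 directory, one escaping symlink
// and one symlink that stays inside the site.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'site-'));
  fs.mkdirSync(path.join(root, 'css'), { mode: 0o750 });
  fs.writeFileSync(path.join(root, 'index.html'), '<h1>hi</h1>');
  fs.chmodSync(path.join(root, 'index.html'), 0o640);
  fs.symlinkSync(os.tmpdir(), path.join(root, 'escape'));      // points outside
  fs.symlinkSync('index.html', path.join(root, 'home.html')); // stays inside
  return { root, report: normalizeTree(root) };
}
```

Running such a check on the server after extraction does not depend on the uploader's umask or on the options used when the archive was created.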