On Wed, Jul 27, 2011 at 10:36:08AM -0400, Bernd Stramm wrote: > > c) there's a spec about ~/.local/bin already accepted by a friendly > > project > > This is STILL a security risk, even if somebody calls it a standard. This is STILL a claim without any proof, even if somebody repeats it every time. Does everybody calling this "security risk" check periodically his $PATH for a dot? (what does $PATH contain? don't look at it before answering) Are you periodically checking your ~/bin (do you know what's inside without looking there right now)? Are you periodically checking your ~/.bash* startup files for suspicious aliases and functions, includes? If you are _not_ watching really carefully your $HOME, this will not bring new security risk for your machine (all are already there). On the other way if you do so, again this will not bring new security risk to your machine. -- Regards, Marian -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
