On 07/28/2011 01:22 PM, Bernd Stramm wrote:
> On Thu, 28 Jul 2011 13:00:28 +0100
> "Bryn M. Reeves" <bmr@xxxxxxxxxx> wrote:
> It is nevertheless an *added* avenue to do some phishing. And for what
> benefit?

No, it's not; at the very most it's making something very slightly less
noticeable but even that is a weak and flawed argument. If your security relies
on spotting that a malicious user has placed a rogue binary in ~/bin you're
already hosed.

> Adding a hidden directory to $PATH will cause people to filter it out
> from their $PATH. This leads to more messy use environments, not to
> cleaner ones as is the original purpose of this whole thing.
>
> No, hidden directories should not be in $PATH. If somebody put that in
> their standard, those folks should change their standard. Standards can
> define things that are wrong, and this is one such case.

I'm not especially attached to ~/.local/bin being in PATH (although I do happen
to think the approach used by Python for --user installations is an elegant
solution). What I disagree with is the use of bogus security handwaving to
support an argument against it.

Regards,
Bryn.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel