Once upon a time, Miloslav Trmač <mitr@xxxxxxxx> said: > I don't think this in practice matters _for security_[1]: Even the > users that know ~/bin exists are extremely unlikely to be regularly > checking its contents to see whether a malicious file hasn't been > added. And again, it isn't just directories in PATH. How many users regularly check their shell init scripts (.bash_profile, .bashrc), desktop environment autostart files (.config/autostart, at least for MATE that I'm running at the moment), etc.? I'm pretty security-aware, but I don't go examine all of that under normal conditions. Checking the PATH is a lot easier than checking all the rest of that. I get that some don't like $HOME/.local/bin; that's fine, agree to disagree (I don't really care one way or the other about this one). However, don't try to make it about security; that just isn't really an issue here, no matter how "obvious" you may feel it to be. -- Chris Adams <linux@xxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
