On 29 May 2018 at 09:25, Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
On 29.5.2018 09:34, Sorin Sbarnea wrote:
What do we need to do to make Fedora do the right thing (add it to the top of the list), just like Debian/Ubuntu? I am sure that they had similar discussions and in the end they decided to do the right thing.
A Fedora change proposal.
https://fedoraproject.org/wiki/Changes/Policy
Does such a reply mean that maintainers of some critical packages like pam and util-linux are completely uninterested in even having an opinion about the subject or in providing expertise?
If that is the case, raising the change proposal IMO does not make any sense.
Using env (dnf still shows that more than 250 packages are using /usr/bin/env) or paths in $PATH pointing to locations where there are no distribution binaries is extremely dangerous, and I'm really surprised that no one looks at the issues already discussed here (and a few similar or related ones) as a SERIOUS SECURITY THREAT to the whole distribution.
kloczek
--
Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH