Re: Fedora Elections May 2018 - Voting period of FESCo elections has started

Hi,

On Thu, Jun 07, 2018 at 05:15:04PM +0100, Tomasz Kłoczko wrote:

> No one points on things like discussion on:
> - common specs coding style
> - cutting number of %iffings (and use instead SCM branches which git offers)
> - cutting legacy tails like still using tons of scriptlets which can be
> easily cleaned of remove dependencies on initscripts and maaany more like
> this which could make at least @core solid fundamentals other features
> - cutting number of dependencies (how many years ago was first discussion
> about use --as-needed in linker options?)

for this we need people to actually do the work. As a FESCo member it is
possible to support initiatives for this and I support a more
collaborative package maintainership that enables contributors to more
easily do mass changes to improve packages. Nevertheless without someone
interested to do the ground work we will not get there.

> - caring about quite basic security (look at the decision about adding ~/.local/bin
> to the $PATH and complete kind of "desinteressement" about removing
> /usr/local/{bin,sbin} from already used $PATH which widely opens hell gates
> for malware).

You should not confuse disagreeing on the security implications of a
setting with not caring about security. And it is best practice to
provide a proof-of-concept when reporting a security issue. If you show
one that allows one to get access to a web server that serves this CGI
script:

---
#! /usr/bin/bash

PATH=${HOME}/bin:${HOME}/.local/bin:/usr/local/bin:/usr/local/sbin:${PATH}
id
---

This was vulnerable to Shellshock, a serious security vulnerability. I
am very interested to see how changing the PATH makes it
significantly easier to exploit this script.

> Second most important goal on which candidates are focused is how internal
> Fedora infrastructure works.
> 
> None of the candidates seems to be aware that people are leaving Fedora boat
> (look at distrowatch.com or
> https://w3techs.com/technologies/details/os-linux/all/all and few other
> similar stats) not because Modularity still doesn't work (and will never
> work as no one will not change some fundamental bits in rpm). Most of the

What is the reason for this in your opinion?

> candidates seem completely unaware that end users of their work (binary
> packages) simply don't care about how all Fedora stuff is built but HOW IT
> WORKS.

There was no question like "What do you think end users care about?",
therefore I do not see how you came to this conclusion. However, I have
the opinion that we need high quality tools to build high quality
packages. Otherwise we will make more mistakes or have less time to
focus on the tasks that need human intervention.

> On top of this more and more decisions in Fedora seem to be made in a less and
> less transparent and well technically justified way.

Which decisions are you referring to?

Kind regards
Till
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/MFMQSEZUVPLEUX3AMF4CGQGI5QOAUU5Q/
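
The PATH ordering debated in this message can be audited on a given host. The script below is an added example, not part of the original thread or of any Fedora tooling; the function names path_writable_entries and path_shadowed are hypothetical. It lists the PATH entries the current user can write to and the command names for which such an entry wins over a later one.

```sh
#!/bin/sh
# Added example (not from the thread): audit a PATH string for user-writable
# entries and for command names they win ahead of later entries.

# path_writable_entries PATHSTRING
#   Prints every existing directory in PATHSTRING the current user can write to.
path_writable_entries() {
    rest=$1:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.            # an empty entry means the current directory
        if [ -d "$dir" ] && [ -w "$dir" ]; then printf '%s\n' "$dir"; fi
    done
    return 0
}

# path_shadowed PATHSTRING
#   Prints "name: WINNER shadows LOSER" when the first match for a command
#   name is in a user-writable entry and a later entry provides the same name.
path_shadowed() {
    nl='
'
    rest=$1:; seen=$nl
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            case $seen in *"$nl$name$nl"*) continue ;; esac  # an earlier entry wins
            seen=$seen$name$nl
            [ -w "$dir" ] || continue
            later=$rest
            while [ -n "$later" ]; do
                d=${later%%:*}; later=${later#*:}
                [ -n "$d" ] || d=.
                if [ "$d" != "$dir" ] && [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
                    printf '%s: %s shadows %s\n' "$name" "$f" "$d/$name"
                fi
            done
        done
    done
    return 0
}

# Stand-alone run: audit the PATH given as $1, or the current $PATH.
audit_path=${1:-$PATH}
echo "User-writable PATH entries:";   path_writable_entries "$audit_path"
echo "First match is user-writable:"; path_shadowed "$audit_path"
```

An empty report from path_shadowed means no command currently resolves to a user-writable copy ahead of a later one; it says nothing about files created afterwards.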



