On Thu, 14 Jun 2018 at 17:53, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote:
[..]
> We put the bar for _security_ measures much higher than mere inconvenience.
> In fact we know that users have been installing software in ~/
> successfully before this change, and it doesn't allow them to do
> anything they couldn't do before. Likewise, it doesn't allow attackers
> to do anything new. So people who consider this irrelevant for security
> assume that mere inconvenience _is not_ a hurdle for the attacker.
> Nevertheless, mere inconvenience _is_ a problem for many users.

There is a huge difference between what exactly users are doing with distribution resources and what kind of new possibilities the OOTB set of distribution settings opens.
If someone wants to keep his own savings in a tin in front of his home, that is his private business, but please do not ask the nearest bank to do the same!!!

Putting any paths at the FRONT of the $PATH which _do not point to the paths_ where all distribution executables are installed is nothing more than opening Pandora's box.
Many people here have been gently pointing at the issue without showing a real POC of how to use this.
I think that it may force someone to publicly post some POC showing how to use this. I can almost read between the lines that I'm not the only person here who already _has_ such a POC.

_Nothing_ in distribution resources so far REQUIRES having ANY ADDITIONAL paths at the front of the $PATH which are not pointing to /usr/{,s}bin.

Can someone disprove the above line or show me the exact package which needs such settings?
And again: this is not about what some persons want to have but what the distribution resources (as a finite machine with a set of possible states as strong as the continuum) require.

If anyone is able to agree with this, it should automatically cause ACTION: getting rid of those paths from the distribution OOTB settings.
If some users want to have paths like ~/.local/bin, /usr/local{bin,sbin} at the front of the $PATH, it is possible to do this by installing an additional package like fedora-for-vegans. Isn't it?
In such a package, along with altering $PATH, the whole /usr/local tree should land.

All talk about making some end users' life "easier" (whatever it means) IMO is pure BS/bollocks.
I think that such real demand to "make Fedora eazier" is highly overestimated or over-exaggerated.
Let's see how many people will be using such a package concisely to recognize REAL demand.

Nevertheless, still no one has answered a very simple question. So I'll repeat it:

Why _must_ Fedora offer OOTB ~/.local/bin, /usr/local{s,}bin paths at the front of the $PATH in OOTB settings?

kloczek
--
Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH

List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/UPZORYRVRSUF6DM2JLKRDPPHHMJDUWF7/
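
The ordering question debated in this message can be checked on a given system. The following is an added example, not part of the original message or of any Fedora tooling: a POSIX shell audit that lists the PATH entries searched before /usr/bin and /usr/sbin, which of them the current user can write to, and which executables there hide a system command of the same name. The function names and the SYSTEM_DIRS variable are assumptions of this example.

```shell
# Added example, not from the thread: audit a PATH string for directories searched
# before the distribution directories. SYSTEM_DIRS is this example's assumption.
SYSTEM_DIRS="${SYSTEM_DIRS:-/usr/bin:/usr/sbin}"

is_system_dir() {
    case ":$SYSTEM_DIRS:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# Print every PATH entry that precedes the first system directory (subshell keeps IFS local).
leading_entries() (
    IFS=:; set -f
    for dir in $1; do
        [ -n "$dir" ] || dir=.                    # empty entry means current directory
        case $dir in ?*/) dir=${dir%/} ;; esac    # ignore one trailing slash
        if is_system_dir "$dir"; then break; fi
        printf '%s\n' "$dir"
    done
)

# Print the full path of a command inside the system directories, if present.
system_path_of() (
    IFS=:; set -f
    for sdir in $SYSTEM_DIRS; do
        if [ -f "$sdir/$1" ] && [ -x "$sdir/$1" ]; then
            printf '%s\n' "$sdir/$1"; return 0
        fi
    done
    return 1
)

# Leading entries the current user can write to (a file placed there wins lookup).
writable_leading_entries() {
    leading_entries "$1" | while IFS= read -r dir; do
        if [ -d "$dir" ] && [ -w "$dir" ]; then printf '%s\n' "$dir"; fi
    done
}

# Executables in leading entries that hide a same-named system command.
shadowed_commands() {
    leading_entries "$1" | while IFS= read -r dir; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            sys=$(system_path_of "${f##*/}") || continue
            printf '%s shadows %s\n' "$f" "$sys"
        done
    done
}

if [ "${1:-}" = "--audit" ]; then shadowed_commands "$PATH"; fi
```

Run the script with `--audit` to check the current session's $PATH; empty output means no system command is shadowed by an earlier directory.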