Re: Prioritizing ~/.local/bin over /usr/bin on the PATH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 15/06/18 19:52, Przemek Klosowski wrote:

> I have mixed feelings about that. On one hand,  I agree that this is NOT
> a serious security issue (it's essentially a local compromise requiring
> an existing local compromise), so if someone claims it'll make their
> life easier, I want to say 'just do it'.
> 
> On the other hand, I am uneasy about the whole thing: the PATH ordering
> only matters for system-provided software, so we're essentially either
> acknowledging that we can't keep up with a decently updated
> distribution, or accommodating a very small group that needs cutting
> edge stuff that is not relevant to the vast majority of users.

+1

This is now a very long thread dominated by the security questions like
"what if?". Nothing bad in that, but we need to keep some focus also on
the usecases to be able to make the inevitable trade-off between
usability and security.

The usecase represented by npm et. al. is important. To have the
platform so secure that these environments doesn't work out of the box
is probably to shoot ourselves in our feet.


Cheers!

..alec
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/VWGIFKY7E3N4KCAGGH4E5RTXC5KMFX7W/




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux