https://bugzilla.redhat.com/show_bug.cgi?id=2264719 --- Comment #11 from Cristian Le <fedora@xxxxxxxxx> --- > In the case of blesh, I would hesitate to add it to system's profile.d and affecting all users (think about e.g. university environment). I had the same thought when I initially considered blesh. It seemed to have too many side-effects. `bash-preexec` seems safer in that regards since it doesn't do anything if you don't export to its interface, but these still seem that they should be hardened by a check against root user or non-interactive environment, which could be done as a wrapper, but I don't have a reference to go for. Than there's `atuin` for which I am just :shrug:, but I would probably want to export the file somewhere, at the very least so that if anything is able to scan it for vulnerabilities, it should do so. Another option could be to have the `profile.d` be installed as an optional package, but how would that be named? -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2264719 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202264719%23c11 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
