On 30.06.21 16:34, Florian Weimer wrote:
> It breaks integration with system-wide settings, such as user/group databases, host name lookup, and cryptographic policies. In many environments, that is not really an option.

Not necessarily, these can still be applied (and fairly simply). You actually have to twist more extra knobs if you wanted those weird things to happen. The only thing that won't work easily is when the operator forces some custom libraries to be loaded arbitrarily into all processes.

Yes, somebody could write his own nss plugins, but that's exactly the kind of audience that does NOT just use those (especially old) binary-only distros. In over 20 years, being inside dozens of corporations, I've only seen that exactly once. And it was me doing that.

I actually wonder which kind of binary-only application that shall be that's actually affected by that problem and actually used in the field that way. Do you have some actual practical (not theoretical) example?

By the way: today's method of choice for delivering binary-only software is containers. (And I'd even count things like Steam into that category.)

--mtx

--
---
Note: unencrypted e-mails can easily be intercepted and manipulated!
For confidential communication, please send your GPG/PGP key.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@xxxxxxxxx -- +49-151-27565287