On Tue, Oct 18, 2016 at 06:03:28PM +0200, Jakub Wilk wrote: > The WTFness of this code is certainly way above what we're normally used to, > but (AIUI) it's only used as a fallback for nodejs < 4. Debian currently has > 4.6.0.
In that case, perhaps this package isn't needed in Debian at all? > > If you assume /root is root's home directory, and it's actually someone > > else's directory, and you trust /root/.ssh/authorized_keys is root's > > authorized ssh keys, you're going to have a bad time. > > Er, no. Making /root writable to another user is almost as clever as making > /bin or /etc writable to others. A sysadmin who does that must be prepared > to suffer consequences. Agreed. Bad example, mea culpa. -- I want to build worthwhile things that might last. --joeyh
Description: PGP signature