On Thu, 3 May 2018, Tomas Orsava wrote:

> pip actually checks if ~/.local/bin is on the PATH and prints a warning if it
> isn't. But nobody predicted that ~/.local/bin might be on the PATH but only
> behind /usr/bin. That breaks the intuitive expectation that things installed
> closer to the user should take priority. Python works like that.

It is easy to get into a bike-shed painting contest about what 
is and is not 'intuitive'

But there is also the expectation of 'least surprise' in a 
Unix (tm) culture, and I think it is rather without question 
that:
        PATH is initially set by conscious design at 
        deployment, and has NOT included per user 
        variations as a default as a matter of 'how we got here'


By convention additions to the path come LAST in priority, 
because of well known privilege escalation attack approaches 
(the incautious admin sits down at a 'trapped' nominally sick 
workstation, and fails to use a fully qualified path to 'su' 
or 'sudo' , or omits to add the '-' to cause PATH cleansing).  
Incautious admins do this once, get bitten, and learn 
their lesson to use fully qualified paths on workstations, or 
in accounts, they do not control.  I _understand_ that there 
are lots of ways to seek escalated privileges in *nix ... 

But do we really need to be adding MORE, and hidden ones with:

        a. 'breaks expectation' early in the PATH precedence?

        b. 'invisible' directories in the PATH

Local convention here is a ~/bin/ directory, and I think this 
is a widely observed one


I understand the assertion that 'the next new thing' may well 
have lurked unread and unimplemented, and not been widely 
implemented until recently, adding:
        ~/.local/
- or -
        ~/local/


But defaulting to this needs to be generally accepted, 
detailed in Release Notes, well communicated, and easy to 
revert out.  It is NOT something that one user asking for it, 
and an XKCD cartoon should drive

I would suggest this is a major change, and needs 
Fedoraproject Council 'buy in' as to a plan for change, rather 
than simply being imposed by fiat

-- Russ herrold
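
An added example, not part of the original message: a small audit of the PATH ordering concern raised above, flagging hidden or user-writable directories that are searched before the system directories and any 'su' or 'sudo' they would shadow. The function name, the reason strings and the temporary directory tree are assumptions constructed for the illustration.

```python
import os
import tempfile

def audit_path(path, system_dirs, sensitive=("su", "sudo")):
    """Return (entry, reason) findings for a colon-separated PATH string."""
    entries = path.split(":")
    # Entries before the first system directory win every name lookup.
    first_sys = min((i for i, e in enumerate(entries) if e in system_dirs),
                    default=len(entries))
    findings = []
    for i, entry in enumerate(entries):
        if entry in ("", "."):
            # An empty PATH element is treated as the current directory.
            findings.append((entry, "current directory is searched"))
            continue
        if i > first_sys or entry in system_dirs:
            continue  # appended after the system directories: cannot shadow them
        if any(p.startswith(".") for p in entry.split(os.sep)):
            findings.append((entry, "hidden directory precedes system directories"))
        if os.path.isdir(entry) and os.access(entry, os.W_OK):
            for name in sensitive:
                candidate = os.path.join(entry, name)
                if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                    findings.append((candidate, "shadows " + name))
    return findings

def demo():
    """Build a constructed directory tree and audit both PATH orderings."""
    root = tempfile.mkdtemp()
    user_bin = os.path.join(root, "home", ".local", "bin")  # stands in for ~/.local/bin
    sys_bin = os.path.join(root, "usr", "bin")              # stands in for /usr/bin
    for d in (user_bin, sys_bin):
        os.makedirs(d)
        target = os.path.join(d, "sudo")                    # harmless placeholder file
        with open(target, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(target, 0o755)
    user_first = audit_path(user_bin + ":" + sys_bin, {sys_bin})
    user_last = audit_path(sys_bin + ":" + user_bin, {sys_bin})
    return user_bin, user_first, user_last

if __name__ == "__main__":
    for entry, reason in demo()[1]:
        print(entry, "->", reason)
```

On a real host, pass os.environ["PATH"] and the distribution's own system directories; a user-writable check made as root is always true, so run it as the account being audited.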