Re: Prioritizing ~/.local/bin over /usr/bin on the PATH
Well said, there is no catchy name for this (virtual) security threat. We will have to let one of those that oppose this proposal to find a caching name (PATHEXIT?), maybe even build a paper explaining how to mitigate it. I am bit disappointed because other distributions fixed it, even twice after a temporary regression due to a mistake. We never did it. Now that we have a change proposal, how to continue? To get it accepted or rejected, is there a way/process that we need to follow? Should we maybe add a section to the document with supporters and opposers where people can record themselves? Thanks Sorin signature.asc Description: Message signed with OpenPGP ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/VXFYSGI372TMRE5YRATKR4SKV4LXOMDV/
Re: Prioritizing ~/.local/bin over /usr/bin on the PATH
I ended up creating https://fedoraproject.org/wiki/Changes/UserPathPrioritization and I invite others to improve its description. -- /sorin On Tue, May 29, 2018 at 9:25 AM, Miro Hrončok wrote: > > > On 29.5.2018 09:34, Sorin Sbarnea wrote: > >> What do we need to do to make Fedora do the right thing (add it to the >> top of the list), just like Debian/Ubuntu. I am sure that they had similar >> discussions and in the end they decided to do the right thing. >> > > A Fedora change proposal. > > https://fedoraproject.org/wiki/Changes/Policy > > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/VB2E4CRXYFXXISRWK2YXPVSTM4OWSAJO/
Re: Prioritizing ~/.local/bin over /usr/bin on the PATH
Does this discussion had any outcomes? I tried to find any conclusions in the thread but I missed to spot them. I am asking this because I was redirected to this thread after I opened a bug on RHEL for the same issue, bug that was closed hours later as NOTABUG, something I do not agree with. What do we need to do to make Fedora do the right thing (add it to the top of the list), just like Debian/Ubuntu. I am sure that they had similar discussions and in the end they decided to do the right thing. RHEL bug https://bugzilla.redhat.com/show_bug.cgi?id=1583227 (bad description, see comments). PS. For those worried that their user installed tools (~/.local/bin) may introduce surprises, here is a hint: you can always run commands in a non-login shell which would only use the system default PATH which does not include the user one. This is the right way to isolate yourself from user config, not by avoiding to fix the bashrc PATH order. Remember that user can always edit his profile files and modify the PATH order, something that would have the same kind of effect as installing the tools. Thanks Sorin Sbarnea ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/CHGANTE6DYFBB6K73BL4HJH7SJGA3MZJ/