On Thu, May 15, 2014 at 11:10 AM, Chris Marshall <devel.chm...@gmail.com> wrote: > Not familiar with MSI details but I hope any changes > won't be a problem for SPP which is useful because > it *doesn't* require special permissions---just enough > to create the folder...
This has nothing to do with MSI, but with putting a directory on the PATH to which the user has write access. Essentially all scripting languages do this to allow the user to install additional modules easily, but security companies like to put out alerts about this... It is not a new issue; here is the ActiveState position about the same issue with ActivePerl: https://community.activestate.com/node/9199 TL;DR: The default is more convenient for most users; it is trivial for users to apply more restrictive ACLs if they are bothered about it. Cheers, -Jan