On Thu, May 15, 2014 at 11:10 AM, Chris Marshall <devel.chm...@gmail.com> wrote:
> Not familiar with MSI details but I hope any changes
> won't be a problem for SPP which is useful because
> it *doesn't* require special permissions---just enough
> to create the folder...

This has nothing to do with MSI, but with putting a directory on the
PATH to which the user has write access.  Essentially all scripting
languages do this to allow the user to install additional modules
easily, but security companies like to put out alerts about this...

It is not a new issue; here is the ActiveState position about the same
issue with ActivePerl:

https://community.activestate.com/node/9199

TL;DR: The default is more convenient for most users; it is trivial
for users to apply more restrictive ACLs if they are bothered about
it.

Cheers,
-Jan

Reply via email to