On Sun, 10 Jun 2018 at 21:02, Sorin Sbarnea <ssbar...@redhat.com> wrote: > > Well said, there is no catchy name for this (virtual) security threat. We > will have to let one of those that oppose this proposal to find a caching > name (PATHEXIT?), maybe even build a paper explaining how to mitigate it. > > I am bit disappointed because other distributions fixed it, even twice after > a temporary regression due to a mistake. We never did it. > > Now that we have a change proposal, how to continue? To get it accepted or > rejected, is there a way/process that we need to follow? > > Should we maybe add a section to the document with supporters and opposers > where people can record themselves?
I would be way more interested of real arguments about why someone is trying to add those $PATH modifications. So far only "argument is that someone proposed those changes without justification except that some other people added something like this to some "specification" in which is not possible to find what class of the cases solves/handles/improves. kloczek -- Tomasz Kłoczko | Tel: 0774 1209067 | LinkedIn: http://lnkd.in/FXPWxH _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/G32OQODR4OD2NWUO7GUIGEORBX67XYY2/
