On Tue, 2018-06-12 at 12:10 +0100, Tomasz Kłoczko wrote:
> On Mon, 11 Jun 2018 at 12:28, Miro Hrončok <mhron...@redhat.com>
> wrote:
> [..]
> > See the change description.
> 
> OK. So here is the quoted original email with the proposal.
> 
> "I'd like to propose putting the ~/.local/bin in front of the /usr/bin
> on the PATH.
> 
> Currently /usr/bin has priority over ~/.local/bin, which causes a [bug]
> where the old system-installed executable written in Python (from
> /usr/bin) is launched, but it finds new Python sources (installed into
> $HOME) which it doesn't work with and crashes.
> 
> [bug] https://bugzilla.redhat.com/show_bug.cgi?id=1571650
> 
> I believe the current configuration breaks the intuitive expectation
> that things installed closer to the user should take priority. That's
> for example how it works with Python.
> Interestingly, Ubuntu and openSUSE do not have ~/.local/bin on their
> PATH (though Ubuntu has ~/bin) so we can't take guidance there.
> 
> Does anyone see a reason not to prioritize ~/.local/bin over
> /usr/bin?"
> 
> At the end of the proposal is the question about potential reasons why
> this change should not be included, and an answer to exactly this
> question has been provided in this thread several times in different
> forms and by more than one person.
> 
> Most of us know that sometimes it is really hard to find an answer to
> some question or to prove some theories/theses. Logic gives a perfect
> tool to open such hard nuts, sometimes instantly.
> https://proofwiki.org/wiki/Negation_of_Conditional_implies_Negation_of_Consequent
> The so-called CPA (Conditional Proof Assumption) says that if it is hard
> to answer the original question directly, just try to negate the
> original formula/postulate/question, then continue work on the negated
> one. I'll add to this thread a kind of CPA question:
> 
> What does this change fix, improve or make possible in the context of
> pure/only distribution resources?
> 
> The second part of the above question is really crucial. What started
> as #1571650 went to a "proposal" of a change in the behaviour of the
> distribution resources.
> Was it the correct step? What if this ticket were about "unexpected
> behavior" of Python in the case of installing something in /opt? What
> about other prefixes? Should a "positive reaction" to such "needs"
> imply/justify opening a discussion on fiddling with the distribution
> OOTB $PATH???
> IMO definitely *NO*!!!
> 
> Just FTR: So far I have been unable to find in any of the
> freedesktop.org or other specs
> (https://www.freedesktop.org/wiki/Software/) things like a requirement
> to use /usr/local/{bin,sbin} or ~/.local/bin in $PATH (and especially
> at the front of this env variable). I would be really glad to find the
> original reason why paths like /usr/local/{bin,sbin} have been added to
> the OOTB $PATH and why someone thought that those paths should be added
> at the front of the $PATH.
> 
> I can only guess that most of the people reading this thread who are
> still not able to identify any danger from the security angle may be
> thinking that fiddling with the $PATH isn't dangerous, or that it may
> be dangerous only when someone is typing commands into a shell prompt.
> If so, this impression is wrong, and I'm 100% sure at least a few
> people (not only me) commenting in this thread would have no difficulty
> showing that it is really only an impression.
> 
> kloczek
> -- 
> Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/EI62XGJANQ4ZX3XC3MDQXY5T2UZLQGNY/
I haven't followed all of this thread, too self busy.  However, there is
a security argument.  If you have a local executable directory, then
the capability for malicious software to attach is wide open for that
user, whatever their privilege level might be.

Most businesses that have Linux in their suite won't want a ~/.bin
anywhere in their organization.

Les H
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OLCYVX5L74NYFHJJJ76DB5O4MIE2KFPQ/
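
The effect of the PATH ordering debated in this thread can be checked on a given machine. The following is an added example, not part of either message and not Fedora's own tooling: a POSIX shell function that lists the commands in directories searched before a system directory which hide a same-named executable there, and whether the current user can write to the directory that wins. The function name shadowed_commands and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list commands whose resolution is
# decided by a directory searched before a given system directory.

# shadowed_commands PATH_STRING SYSTEM_DIR
# For every executable in a PATH entry listed before SYSTEM_DIR that has the
# same name as an executable in SYSTEM_DIR, print:
#   name <TAB> file that wins the lookup <TAB> writable|readonly
# "writable" means the current user can create or replace files in that entry.
shadowed_commands() (
  system_dir=${2%/}
  IFS=:; set -f
  set -- $1                 # split the PATH string on ':' without globbing
  set +f; unset IFS
  for dir in "$@"; do
    [ -z "$dir" ] && dir=.  # an empty PATH entry means the current directory
    [ "${dir%/}" = "$system_dir" ] && break   # later entries cannot shadow it
    [ -d "$dir" ] || continue
    if [ -w "$dir" ]; then state=writable; else state=readonly; fi
    for file in "$dir"/*; do
      [ -f "$file" ] && [ -x "$file" ] || continue
      name=${file##*/}
      [ -x "$system_dir/$name" ] || continue
      printf '%s\t%s\t%s\n' "$name" "$file" "$state"
    done
  done
)

# Constructed demo tree (not real system paths): a per-user bin directory
# holding a "pip" that hides the distribution's "pip".
demo=$(mktemp -d)
mkdir -p "$demo/home/.local/bin" "$demo/usr/bin"
for f in "$demo/usr/bin/pip" "$demo/usr/bin/ls" "$demo/home/.local/bin/pip"; do
  printf '#!/bin/sh\n' > "$f" && chmod +x "$f"
done
echo "user directory first:"
shadowed_commands "$demo/home/.local/bin:$demo/usr/bin" "$demo/usr/bin"
echo "system directory first:"
shadowed_commands "$demo/usr/bin:$demo/home/.local/bin" "$demo/usr/bin"
rm -rf "$demo"
```

To audit a live session, call shadowed_commands "$PATH" /usr/bin; an empty result means no earlier PATH entry currently overrides a command from /usr/bin.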
