On Fri, Jan 26, 2018 at 01:52:10PM +0200, mazocomp wrote: > On Fri, Jan 26, 2018 at 12:28:00PM +0100, Marc Espie wrote: > > On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote: > > > Hi! > > > > > > Is this a really good idea to keep wxallowed flag on /usr/local by > > > default? Is this so scary that many poop software will break (this is > > > not a big loss at all)? After all not enabling this flag by default is > > > the right thing to do, reliance on W|X should go to /dev/null > > > > > > The only problem I see after removing this flag and removing python > > > is that it also removes packages which, for example, have > > > devel/desktop-file-utils in run dependencies, but they work without it. > > > > I don't see your patches for fixing the rather important shit that still > > requires wxallowed. > > > > So you mean broken packages are more important than system's default > security? Was that true when ProPolice was enabled by default?
Obviously, you don't understand the difference between fixing factually broken software and enforcing supplementary restrictive semantics on top of the traditional posix api that actually requires actual changes to adapt.
