Stephen Hahn wrote: > * Alan Coopersmith <alan.coopersmith at sun.com> [2008-08-19 15:05]: > >> Shi-Ying Irene Huang wrote: >> >>> 4.1. Details: >>> GNU findutils is an opensource package which provides utilities to >>> find files meeting specified criteria and perform various actions on >>> the files which are found. This package contains 'find', 'xargs', and >>> 'locate'. >>> >>> GNU find is faster than Solaris find and has more functions, it was a >>> cleanroom implementation. And even has xargs funcionality built inside, >>> but xargs is also kept separate for convenience. >>> >>> There is another project delivering slocate: LSARC 2008/447 >>> Which is the secure version of locate. So locate won't be delivered >>> with findutils. >>> >> Doesn't that violate the principle of the familiarity projects? Users know >> about locate, ask us often for a locate command - if there is no command in >> the path named locate, then we've failed to provide familiarity. >> > > I agree with Alan; dropping locate for slocate isn't necessary. You > can deliver > > /usr/gnu/bin/locate > > to keep the expectation around that findutils is the entirety of the > package. (You could also deliver /usr/bin/glocate, but I don't think > that's necessary or expected.) > > - Stephen > > locate is a clear security risk. For familiarity locate command should be an alias to slocate executable.
Luis
