Putting ~/bin at the end of the path increases security. That is enough to end the argument.
If the user wants to override system tools, then they can just as easily rearrange their path to have ~/bin at the beginning. In fact, that's congruence: a user savvy enough to install their own tools to ~/bin _and_ want them to override system tools is likely savvy enough to edit their path. A user who isn't savvy isn't going to be able to figure out why "cd <anywhere>" always takes them to /you-got-punked. Default to more security, not less. The amount of security gained is irrelevant as there is no cost to doing it right. The fallacy of "I can't imagine a scenario where ~/bin at the start of the path is a bigger security issue than if it's at the end of the path" is the same fallacy as "I can't break this encryption algorithm I wrote, therefore it's unbreakable." Ubuntu 14.04 is also broken in that, after ~/bin is created, the user has to a) re-source .profile, or b) logout and login. Ubuntu 16.04 has at least fixed that, despite having the same security issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/684393 Title: $PATH discrepency when ~/bin exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/684393/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
