Adding ~/.local/bin to default PATH
Bernd Stramm
bernd.stramm at gmail.com
Thu Jul 28 14:38:05 UTC 2011
On Thu, 28 Jul 2011 15:34:34 +0200
Marian Ganisin <mganisin at redhat.com> wrote:
> On Wed, Jul 27, 2011 at 10:36:08AM -0400, Bernd Stramm wrote:
> > > c) there's a spec about ~/.local/bin already accepted by a
> > > friendly project
> >
> > This is STILL a security risk, even if somebody calls it a standard.
>
> This is STILL a claim without any proof, even if somebody repeats it
> every time.
You need proof that putting executables in hidden directories makes it
easier to do phishing?
>
> Does everybody calling this "security risk" check periodically his
> $PATH for a dot? (what does $PATH contain? don't look at it before
> answering) Are you periodically checking your ~/bin (do you know
> what's inside without looking there right now)? Are you periodically
> checking your ~/.bash* startup files for suspicious aliases and
> functions, includes?
It creates more work for those who look in ~/bin. They now have to
also look in a hidden directory.
In addition to that, we now have precedence that a simple yum update
changes where you have to look in your path inside $HOME. That is bad.
Aside from that, adding more elements to $PATH makes things more messy,
not cleaner. It slows things down. It creates more work for
maintenance. For what benefit?
--
Bernd Stramm
bernd.stramm at gmail.com
More information about the devel
mailing list