On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote:
> On 11/02/2015 03:05 PM, Adam Jackson wrote:
> > But, why take the risk exposure, when you could simply not?
>
> How else would I edit root-owned files? I don't get it. I mean,
> I guess I could run an editor in a text window, but I don't want to

That's kind of a non sequitur. To a first order, there are zero root-
owned files you need to edit routinely. And I feel pretty comfortable
calling any counterexamples bugs that need fixing.

> And finally, it's *my computer*, dammit.

In the threat model being described, no, it is not, there's another
agent on the system subverting your use of it.
You are of course free to disregard that risk, or measure it in the
event and conclude it's safe enough, and in many cases it will in fact
be safe. Great, fine, that's a conclusion a consumer can come to. But
in the Fedora context we are the producer, not the consumer. Developing
an operating system means considering what is best in the general case,
and in the general case, if using the system requires a known-dangerous
configuration, we've done our job poorly.
Phrased another way: no, it's not *your computer* we're talking about
here. The computer in question rightfully belongs to someone else; we
are here discussing how to be responsible for the code they allow us to
run on it.