<<< Date Index >>>     <<< Thread Index >>>

Re: [PATCH] Remove absolute paths from gpg.rc



On 2007-03-25 08:31:46 +0000, Dave wrote:
> On Sun, Mar 25, 2007 at 04:11:35AM +0200, Vincent Lefevre wrote:
> > Now, if software writers make bad decisions, that's the fault and
> > responsibility of the sysadmin himself? Great!
> 
> Making a compile-time option isn't a bad decision if the default
> yields correct behavior.

There first needs to be an agreement on what the correct behavior is.

> ...but at any rate, a sysadmin is responsible for the software he
> installs, and if he installs badly written software (i.e., software
> with bad decisions) without fixing it (i.e., reversing the bad
> decisions), he's not really doing his job too well. . .

The sysadmin is certainly not responsible if some software has a
security hole (or a buggy behavior that can lead to a security hole),
unknown to him.

[thousands of programs]
> > Unfortunately, system administrators can't do anything about that.
> 
> As programmers, we can make their job easier, by not adding to the
> pile of UNIX-incompatible software out there. (This is the Mutt-Dev
> list, after all, not some sort of Mutt-Admins list.)

I entirely agree.

> > > I've already explained several times that the user doesn't own
> > > the system.
> > 
> > You don't know what you're talking about.
> 
> If I'm a user on a corporate server, I don't own the system. I don't
> suppose you disagree with me there. . .

In *your* case, the doesn't own the system. There are other places
where the user partly owns the system (well, participates to the
decisions, at least).

> > > The physical user is governed by the owner of the system.
> > 
> > Which is not the system administrator.
> 
> The owner of the system hires the system administrator to carry out
> his wishes. I strongly doubt you'd hire a sysadmin who didn't
> represent your interests to administer your system. In other words,
> the sysadmin is (an agent of) the owner.

You're playing with words. But at some places, the user*s* (partly)
decide what should be done. If some option is configure-time instead
of run-time, then a part of the users will not be pleased.

> > > > And what about binary distributions?
> > > 
> > > By GPL, they must include source.
> > 
> > What does this change?
> 
> You've trimmed out some essential context. The GPL ensures that a
> user can fix and/or reconfigure software, if necessary.

Said otherwise, the user does the sysadmin's job.

> > The advantage of binary distribution is to
> > avoid recompilation.
> 
> Right, but that doesn't prevent you from getting the source and
> recompiling anyway,

As a user, I already spend to much time recompiling programs on
various architectures (for various reasons).

> if you'd like to reverse a stupid decision made by the distributor.

So, Mutt's configure shouldn't allow stupid decisions.

BTW, if Mutt wants to prevent the user from using his own $PATH,
it should also forbid shell execution and more generally, arbitrary
program execution (such as the well-known /usr/bin/env wrapper).

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)