Re: [PATCH] Remove absolute paths from gpg.rc
On 2007-03-25 08:31:46 +0000, Dave wrote:
> On Sun, Mar 25, 2007 at 04:11:35AM +0200, Vincent Lefevre wrote:
> > Now, if software writers make bad decisions, that's the fault and
> > responsibility of the sysadmin himself? Great!
>
> Making a compile-time option isn't a bad decision if the default
> yields correct behavior.
There first needs to be an agreement on what the correct behavior is.
> ...but at any rate, a sysadmin is responsible for the software he
> installs, and if he installs badly written software (i.e., software
> with bad decisions) without fixing it (i.e., reversing the bad
> decisions), he's not really doing his job too well. . .
The sysadmin is certainly not responsible if some software has a
security hole (or a buggy behavior that can lead to a security hole),
unknown to him.
[thousands of programs]
> > Unfortunately, system administrators can't do anything about that.
>
> As programmers, we can make their job easier, by not adding to the
> pile of UNIX-incompatible software out there. (This is the Mutt-Dev
> list, after all, not some sort of Mutt-Admins list.)
I entirely agree.
> > > I've already explained several times that the user doesn't own
> > > the system.
> >
> > You don't know what you're talking about.
>
> If I'm a user on a corporate server, I don't own the system. I don't
> suppose you disagree with me there. . .
In *your* case, the doesn't own the system. There are other places
where the user partly owns the system (well, participates to the
decisions, at least).
> > > The physical user is governed by the owner of the system.
> >
> > Which is not the system administrator.
>
> The owner of the system hires the system administrator to carry out
> his wishes. I strongly doubt you'd hire a sysadmin who didn't
> represent your interests to administer your system. In other words,
> the sysadmin is (an agent of) the owner.
You're playing with words. But at some places, the user*s* (partly)
decide what should be done. If some option is configure-time instead
of run-time, then a part of the users will not be pleased.
> > > > And what about binary distributions?
> > >
> > > By GPL, they must include source.
> >
> > What does this change?
>
> You've trimmed out some essential context. The GPL ensures that a
> user can fix and/or reconfigure software, if necessary.
Said otherwise, the user does the sysadmin's job.
> > The advantage of binary distribution is to
> > avoid recompilation.
>
> Right, but that doesn't prevent you from getting the source and
> recompiling anyway,
As a user, I already spend to much time recompiling programs on
various architectures (for various reasons).
> if you'd like to reverse a stupid decision made by the distributor.
So, Mutt's configure shouldn't allow stupid decisions.
BTW, if Mutt wants to prevent the user from using his own $PATH,
it should also forbid shell execution and more generally, arbitrary
program execution (such as the well-known /usr/bin/env wrapper).
--
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)