Re: Bug#282067: yes!

To: debian-policy@lists.debian.org
Subject: Re: Bug#282067: yes!
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 21 Dec 2004 19:18:47 +0000
Message-id: <[🔎] 20041221191847.GH18309@riva.ucam.org>
Mail-followup-to: debian-policy@lists.debian.org
In-reply-to: <[🔎] 871xdjv6fs.fsf@whinlatter.whinlatter.ukfsn.org>
References: <[🔎] 20041221145124.GA14075@cirrus.madduck.net> <[🔎] 871xdjv6fs.fsf@whinlatter.whinlatter.ukfsn.org>

On Tue, Dec 21, 2004 at 06:42:47PM +0000, Roger Leigh wrote:
> martin f krafft <madduck@debian.org> writes:
> > also sprach Wouter Verhelst <wouter@debian.org> [2004.12.21.1531 +0100]:
> >> > You are failing to acknowledge Debian's position wrt to innovation.
> >> > Upstream will change after the FHS changed. The FHS will change
> >> > after Debian showed them the benefits.
> >> 
> >> What benefits?
> >
> > Less clutter in ~ in the long run. More order in the hierarchy.
> 
> And security.  All your config files are under a single directory.
> With ~/etc, I can make my ~ 0755 and ~/etc 0700.  You could set the
> perms individually for each dotfile, but this way you have more safety
> (as for ~/.gnupg and ~/.ssh).

I think this is a misconception of security. I explicitly want many of
my dotfiles to be readable, but if programs start relying on ~/etc being
0700 for protection of confidential information in the dotfiles they
create, then I will no longer be able to safely allow this.

There is a very simple way to ensure confidentiality of information in
dotfiles involving a change in exactly the right place, and that's to
make the confidential dotfiles themselves mode 0700 on creation, or to
create a 0700 subdirectory as ssh does. This is already implemented in
pretty much everything where it really matters. Relying on 0700 ~/etc
will in the long run only create security problems by setting false
expectations, not solve them.

> Another benefit is uniformity for programmers.

Anything but, since this change will never be universal. Instead, we
will have widespread confusion, particularly for those users with home
directories shared (by NFS etc. or by revision control) among disparate
operating systems, but also for developers seeking to make their code
portable to the home directory standards of different systems.

Consider: before now, there wasn't even a *concept* of differing home
directory standards among different Unix systems. If this proposal goes
through, everyone writing or using Unix software will have to deal with
the differences when they previously did not. That's an incalculable
number of man-hours spent tweaking filenames, for what? A little bit of
extra tidiness for folks who use 'ls -a'?

Plus, why shouldn't it be ~/.etc anyway? Now we have to have $DOTDIR or
something, and you have to be compatible with the programs (e.g. trn)
that already implement something like this. On the other hand, at least
honouring $DOTDIR would be better than simply hardcoding ~/etc ...

> I think ~/etc is a good idea,

I think it's a dreadful idea with poor reasoning, little planning, few
meaningful benefits, and an unreasonable number of detriments.

The only good way I can see to implement this proposal is to make a
recommendation that programs honour $DOTDIR as the location for their
dotfiles, and then those users who wish to move their dotfiles can do so
without creating pain for those users who don't.

> If we did force this change, we do stand to sacrifice a lot of
> goodwill, so unless the benefits really stand out, is it really worth
> it?

I definitely don't think it's worth it.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Re: Bug#282067: yes!
  - From: martin f krafft <madduck@debian.org>
- Re: Bug#282067: yes!
  - From: Roger Leigh <rleigh@whinlatter.ukfsn.org>

Prev by Date: Re: Bug#282067: yes!
Next by Date: Re: Bug#282067: No!
Previous by thread: Re: Bug#282067: yes!
Next by thread: Re: Bug#282067: yes!
Index(es):
- Date
- Thread