Re: Crypto consolidation in debian ?

To: debian-devel@lists.debian.org
Subject: Re: Crypto consolidation in debian ?
From: Andreas Barth <aba@not.so.argh.org>
Date: Sun, 1 May 2011 15:17:14 +0200
Message-id: <[🔎] 20110501131714.GE15003@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20110501130818.GT13524@codelibre.net>
References: <BANLkTinOV0W=O1tQM1jk2GzhvGPXn3k_pA@mail.gmail.com> <87liywlikq.fsf@windlord.stanford.edu> <BANLkTimkr59-OymRN=FHV8+E6gH=ic2DBw@mail.gmail.com> <87vcxz8xo2.fsf@windlord.stanford.edu> <20110427164643.GJ13524@codelibre.net> <87vcxy34kj.fsf@latte.josefsson.org> <[🔎] ja0098-mlf.ln1@argenau.downhill.at.eu.org> <[🔎] 20110501130818.GT13524@codelibre.net>

* Roger Leigh (rleigh@codelibre.net) [110501 15:08]:
> Even if the NSS situation changes, surely it's immediately obvious
> that a random library function should not tamper with the uid of a
> process as a side-effect?  Unless the caller explicitly requested
> dropping of root privs, no library has *any* business in changing it.

I miss (not only here) the principle:
                 First, do no harm.

Which are totally failed by a library changing uids on it's own.



Andi

Reply to:

References:
- Re: Crypto consolidation in debian ?
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Crypto consolidation in debian ?
  - From: Roger Leigh <rleigh@codelibre.net>

Prev by Date: Re: Crypto consolidation in debian ?
Next by Date: Re: Crypto consolidation in debian ?
Previous by thread: Re: Crypto consolidation in debian ?
Next by thread: Re: Crypto consolidation in debian ?
Index(es):
- Date
- Thread