
Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?



On Mon, Feb 25, 2002 at 10:45:49PM -0600, Manoj Srivastava wrote:

> 	Debian is known to be a rock solid OS, which is sane, easy to
>  maintain, and does not dumb itself down in order to be useful to less
>  knowledgeable users. 

None of these goals (save perhaps the last) need be compromised by the
suggested change.

> 	Preventing people from doing things that are dangerous often
>  also prevents them from doing things that are interesting.

Just set your umask appropriately then.  And if it's not your Debian
box, I guess the admin can set whatever umask he likes.

I should say here that I think the umask is fine the way it is right
now.

> 	No. There are distributions that are trying to specialize as a
>  niche for that kind of a user -- and they are far better left to the
>  task than Debian is.

You seem to believe that Debian cannot become better suited for those
kinds of users without dropping down an irreversible path to
specialisation.  I disagree.

> 	You have to ask yourself what it is that motivates the general
>  developer. While by no means speaking for all developers, I say that
>  I personally spend the time that I do on Debian because I want to --
>  and I spend it doing things that are useful and interesting to
>  _me_. Letting a novice use Debian is interesting, perhaps, but not
>  really enough of a motivator -- that's not going to keep me up at 4am
>  hacking at Debian. 

So don't, then :) Answering bug emails probably isn't something you get
too excited about either, but I don't see you disagreeing with the idea
that Debian should have a bug tracking system.

>  tluxt> Now, he probably won't know about umask.  My point is:
> 
> 	Should he not learn?

Yes.  But that doesn't mean we can't have a discussion about which is
the more appropriate default umask.

>  tluxt> So, I think it wise that the packagers of the Debian system
>  tluxt> should keep in mind such a person, and have as a goal that the
>  tluxt> Debian system could, ultimately, be productively & easily used
>  tluxt> by such a person.
> 
> 	Why? How does that scratch my itch?

I don't think the purpose in people filing bugs or making suggestions is
to scratch your itch, though.  If it does, great.

> 	We have a well known target audience. If we can expand the
>  user base without inconveniencing the target audience, fine. But
>  making group based collaboration harder (by sharing files belonging
>  to a common group that I and my fellow workers belong to) is not
>  that.

Hmm. Who is root going to be collaborating with?

> 	I reject that hypothesis. Personally, I would much rather that
>  Debian continue to cater to people like me -- there are other
>  distributions that shall be a better fit for the average consumer.

I think it's something that could be worked on where simple, convenient
and unobstructive.

> 	Choice is one of the greatest things that free software
>  offers. Making Linux distributions clones of one another chasing the
>  largest market share does the community a disservice in the end.

This seems like an overly competitive view of the Linux distro field.
We may make usability changes not to better "compete" with other
distributions, but simply because we see improvements we want to
merge/emulate in Debian.  In other words, we take what we think is good.
Not because our goal is to "chase" them, but because we think it's a
worthy change.




-- 
    Vincent Ho
vwh@dingoblue.net.au

Every complex problem is a simple hierarchy of simple problems.


