Re: Crypto consolidation in debian ?
* Roger Leigh (firstname.lastname@example.org) [110501 15:08]:
> Even if the NSS situation changes, surely it's immediately obvious
> that a random library function should not tamper with the uid of a
> process as a side-effect? Unless the caller explicitly requested
> dropping of root privs, no library has *any* business in changing it.
I miss (not only here) the principle:
First, do no harm.
Which are totally failed by a library changing uids on it's own.