I'm ignoring the case where capabilities are dropped in my analysis. I've long valued that Debian does not mark file paths as readonly and would not support this change. I've worked on other Unix distributions that did this, and I found that it decreased the quality of life of the sysadmin enough that I just enjoyed being on Debian better and that this decision was one that contributed. Yes, root can write to anything. But several tools make it harder to write to things as root if they are without write permission. I think the value of stability and making it easy for the sysadmins is more important than this change absent cases where capabilities are dropped. I haven't thought about the capability dropped case enough. If that ends up being our rationale, I could hold my nose and go off in my own corner and grow a beard and grumble in my old age, talking about how great things used to be back in the day. In other cases I'm strongly opposed to this change. --Sam
Attachment:
signature.asc
Description: PGP signature