On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote: > On 11/02/2015 03:05 PM, Adam Jackson wrote: > > But, why take the risk exposure, when you could simply not? > > How else would I edit root-owned files? I don't get it. I mean, > I guess I could run an editor in a text window, but I don't want to > do that.
That's kind of a non sequitur. To a first order, there are zero root- owned files you need to edit routinely. And I feel pretty comfortable calling any counterexamples bugs that need fixing. > And finally, it's *my computer*, dammit. In the threat model being described, no, it is not, there's another agent on the system subverting your use of it. You are of course free to disregard that risk, or measure it in the event and conclude it's safe enough, and in many cases it will in fact be safe. Great, fine, that's a conclusion a consumer can come to. But in the Fedora context we are the producer, not the consumer. Developing an operating system means considering what is best in the general case, and in the general case, if using the system requires a known-dangerous configuration, we've done our job poorly. Phrased another way: no, it's not *your computer* we're talking about here. The computer in question rightfully belongs to someone else; we are here discussing how to be responsible for the code they allow us to run on it. - ajax -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
