This thread is really out of control, I doubt anything useful can be born here, we are just running circles around a chair.
On Fri, 2 Oct 2009 04:54:42 -0500, forgottenwizard <phrexianrea...@hushmail.com> wrote: > On Fri, Oct 02, 2009 at 11:40:33AM +0200, Sebastian Be?ler wrote: >> Am 02.10.2009 11:29, schrieb forgottenwizard: >> >> Then maybe a "custom_editor"-flag that inserts >> >> Defaults env_keep += "EDITOR VISUAL PAGER" >> >> to /etc/sudoers >> >> With that even emacs users would be satisfied. >> >> Greetings >> >> Sebastian >> > > Didn't the maintainer/dev that was dealing with the bug say that he > wouldn't do that because it was insecure? > > That also doesn't fix the problem that sudo thinks that nano is a safe > fallback. The problem is not in the editor, that's just one of the thousand assumptions people make here that are incorrect. The developers were rather pointing at the use of keep_env in the sudoers file, which is indeed risky, and the usage of external variables in the ebuild, which is also not only insecure, but very bad from every single viewpoint that I can think of. And anyway, it's true that vimOS and emacOS are not the sanest and more secure editors for config file, since they can do everything, and a bad user config for any of these (specially emacs I gues) can put your system at risk easier than nano could ever, because nano simply has not the needed capabilities to act as a nuclear bomb. But as said, that wasn't the point of the developers. > How about a custom_editor flag, as you suggested, then an EDITOR > variable in make.conf? Thats the only way I could see being able to > solve this problem without invariably screwing someone. This would > provide a fairly sane default while giving the user the choice to use > something else. That would be the only way that it would make sense to me. Just like we have VIDEO_CARDS, some GENTOO_EDITOR variable would be nice for this. But ebuilds and eclasses would need to be aware of this to push the correct dependencies. It's not that trivial to addapt portage to a new portage variable. The USE flag idea is non-viable and doesn't make sense. It really isn't a big deal to configure yourself anyways. So unless some developer is interested in this, I doubt they are going to do the job unless some pristine and already working patch is sent to them, and someone is willing to work on a collaborative way, and not just throwing <the-editor-I-preffer> blindingly in the sudo ebuild. -- Jesús Guerrero
