| 1 |
On Tue, Jan 3, 2012 at 11:08 AM, G.Wolfe Woodbury <redwolfe@×××××.com> wrote: |
| 2 |
> It |
| 3 |
> is getting to the point that the security aspects of having a read-only |
| 4 |
> mount for userspace executables is being overridden by developer fiat. |
| 5 |
> |
| 6 |
|
| 7 |
Can you clarify what you mean by this? I think the whole reason that |
| 8 |
RedHat is doing this is so that they can make /usr read-only, so that |
| 9 |
it only changes when you perform upgrades. I imagine the next step |
| 10 |
would be to use a trusted boot path and verify that partition when it |
| 11 |
is mounted. |
| 12 |
|
| 13 |
FHS has been brought up - I suspect the upstream projects that are |
| 14 |
sparking this move are quite aware that they're breaking compliance, |
| 15 |
so I doubt they're going to care if you file bugs pointing this out. |
| 16 |
No doubt after the change is made they'll lobby to revise FHS, and at |
| 17 |
that point since everybody will have gone along with it already there |
| 18 |
won't be much point in voicing objection. |
| 19 |
|
| 20 |
As with anything in FOSS - whoever has the developers gets to decide |
| 21 |
how things work. Anybody can file bugs or post on mailing lists, but |
| 22 |
the people writing the code will do what they do... |
| 23 |
|
| 24 |
Rich |
Archives