On Tue, Jan 3, 2012 at 11:08 AM, G.Wolfe Woodbury <redwolfe@×××××.com> wrote:
> It is getting to the point that the security aspects of having a read-only
> mount for userspace executables are being overridden by developer fiat.
>
|
Can you clarify what you mean by this? I think the whole reason that
RedHat is doing this is so that they can make /usr read-only, so that
it only changes when you perform upgrades. I imagine the next step
would be to use a trusted boot path and verify that partition when it
is mounted.
|
FHS has been brought up - I suspect the upstream projects that are
sparking this move are quite aware that they're breaking compliance,
so I doubt they're going to care if you file bugs pointing this out.
No doubt after the change is made they'll lobby to revise FHS, and at
that point since everybody will have gone along with it already there
won't be much point in voicing objection.
|
As with anything in FOSS - whoever has the developers gets to decide
how things work. Anybody can file bugs or post on mailing lists, but
the people writing the code will do what they do...
|
Rich