tech-userlevel: Re: PAM and su -K

Subject: Re: PAM and su -K
To: Greywolf <greywolf@starwolf.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-userlevel
Date: 01/23/2005 10:11:11
--Apple-Mail-14--652347435
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed


On Jan 22, 2005, at 3:37 PM, Greywolf wrote:

> You can do that on your box.  I happen to like systems that don't
> have quite so many single points of failure.  If you wish to address
> things and call them "nonsense", I point you to /lib, a dynamically 
> linked
> /sbin/init, and the whole notion of /rescue even being necessary.

Of course, I don't consider /rescue to be necessary (on production 
systems; on development systems that one expects to break when testing 
new code, sure, it can be useful there...).

And, if you want to talk about single points of failure, I'll refer you 
to /netbsd.

If you want to prevent your shared libraries from accidentally being 
deleted on a production system, then for goodness sake, chflags them 
(and all other critical "read-only" files) to be immutable (it would be 
pretty cool to have a "harden" option in the install for this, and 
appropriate optional clauses in the system mtree spec).

> I'm not against what you want to do for yourself, but please don't cut
> my rope for me.

As soon as you step up and offer (and follow through) to maintain all 
aspects of statically linking the NetBSD universe, then maybe I could 
take this argument seriously.  But until then, all I'm hearing from you 
(and all the other people who irrationally fear an all-dynamic 
universe) is an unreasonable demand to increase software maintenance 
and development costs in a way that impedes the progress that the 
NetBSD Project needs to make in order to stay relevant in the OS world.

         -- Jason R. Thorpe <thorpej@shagadelic.org>


--Apple-Mail-14--652347435
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFB8+i/OpVKkaBm8XkRAmACAJ9lcdvTAZC1xp8KeMIz8rAqApdzXgCgnlrH
9xk2MrYMl68LNsGVfHyPn4o=
=hiVH
-----END PGP SIGNATURE-----

--Apple-Mail-14--652347435--