Subject: Re: [gentoo-dev] rfc: locations of binaries and separate /usr
From: Rich Freeman
To: gentoo-dev@lists.gentoo.org
Date: Tue, 3 Jan 2012 12:56:03 -0500
In-Reply-To: <4F0327E9.50508@gmail.com>
References: <20120101015947.GA9914@linux1> <20120101085326.GA1928@gentoo.org> <4F032489.5000202@gentoo.org> <4F0327E9.50508@gmail.com>

On Tue, Jan 3, 2012 at 11:08 AM, G.Wolfe Woodbury wrote:
> It is getting to the point that the security aspects of having a read-only
> mount for userspace executables are being overridden by developer fiat.

Can you clarify what you mean by this? I think the whole reason that RedHat is doing this is so that they can make /usr read-only, so that it only changes when you perform upgrades. I imagine the next step would be to use a trusted boot path and verify that partition when it is mounted.

FHS has been brought up - I suspect the upstream projects that are sparking this move are quite aware that they're breaking compliance, so I doubt they're going to care if you file bugs pointing this out. No doubt after the change is made they'll lobby to revise FHS, and at that point, since everybody will have gone along with it already, there won't be much point in voicing objection.

As with anything in FOSS - whoever has the developers gets to decide how things work. Anybody can file bugs or post on mailing lists, but the people writing the code will do what they do...

Rich