python3.2+ compiled files

Jeff Johnson n3npq at mac.com
Sat Apr 9 21:56:04 CEST 2011


On Apr 9, 2011, at 3:50 PM, Tomasz Pala wrote:

> On Sat, Apr 09, 2011 at 15:34:55 -0400, Jeff Johnson wrote:
> 
>>>> There's no known reason why xattr's can't be done in other ways.
>>> 
>>> Like what?
>> 
>> Like not having RPM attach xattr's.
> 
> Please tell me how to do root-free (capabilities-based) system without
> xattrs in rpm - doing this outside upgrade procedure leaves window for
> making system unusable in cases like power failure.
> 

You asked for me to explain "other ways". I am not obligated
nor inclined to argue security packaging with anyone in public.
I quite well know what *I* would do instead; but the issue here is
what *you* want to do in PLD.

> Now we're using some dumb solutions like 'admin' group for SUID ICMP ping
> instead of attaching proper file capabilities. In the long term we should
> remove ALL SUID binaries from distribution, as this approach is broken
> by design and should have been obsoleted 10 years ago.
> 

That is your right and privilege to do whatever you wish to do.

But unlike other distros, PLD usually does sensible engineering.

The only reason I replied is because Patryk said:

> Not sure about PLD but I suppose we just followed what the others were
> doing. Other distros did it this way so they could set proper selinux
> attributes.

basically arguing "Do what everyone else is doing." when the
reality is actually that SELinux wussed out on proper engineering
5+ years ago (and is considerably improved since).

73 de Jeff
