Date: Thu, 29 Jun 2000 12:05:25 -0700 (PDT) From: Doug Barton <Doug@gorean.org> To: John Hay <jhay@mikom.csir.co.za> Cc: Sheldon Hearn <sheldonh@uunet.co.za>, arch@FreeBSD.ORG Subject: Re: mergemaster: Change in description of envar handling Message-ID: <Pine.BSF.4.21.0006291200110.7874-100000@dt052n3e.san.rr.com> In-Reply-To: <200006291832.e5TIWTW63381@zibbi.mikom.csir.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 29 Jun 2000, John Hay wrote:
> >
> > No. I already conceded part of this point a while back when I developed
> > the .mergemasterrc mechanism so that people could specify their own PATH
> > (among other things), so there is already a way out of this for those
> > who are not interested in specifying the full path to their PAGER. I'm
> > definitely not going to support a text change which moves away from
> > encouraging "best practice."
>
> Can you tell me why it is good practise to use full paths for environment
> variables, because I don't understand it.
Essentially, it's the same argument as not putting '.' in the
PATH. Are there bigger, more important security holes to worry
about? Absolutely. That doesn't mean that doing what you can to improve
security isn't worthwhile.
In any case, this is a very small issue, and it's not central to
what mergemaster does, or how it does it. If you don't agree, that's ok
with me, my feelings won't be hurt. I've already agreed to expand that
"advisory" to make it more clear.
Man... you'd think I was asking people to jam hot needles in their
eyes....
--
"Live free or die"
- State motto of my ancestral homeland, New Hampshire
Do YOU Yahoo!?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006291200110.7874-100000>