Don wrote:
> Ouch! For the record, Shawn initially argued the case _for_ the
> dot-in-path to WSS
Yeah, I think Brian knew that; you may have misread that part of his
message slightly. Thanks for defending me, though! :)
> This is _especially_ true for beginner users who aren't aware of the
> problem to begin with and will be most susceptible to trickery.
However, I don't think beginning users generally make a habit of being in
/tmp. For that matter, how often are experienced users really in /tmp or
/scratch (themselves - not user-owned subdirectories)?
(The juxtaposition of the words "/scratch themselves" wasn't intentional.
Really.)
---Miguel wrote:
> This isn't really any of my business, but here's my 2 cents. I think it's > a little counterproductive to toss around loaded labels like "elitist" in > a discussion like this. If you disagree, disagree on substance.
That *was* substance. The point (if I understand it correctly) was that there are people who are suggesting that others need to learn about paths "for their own good," as if they're qualified to say that. Or to say that people "should" know about paths and that if they don't, they deserve to be confused.
I don't want to have the thread spin out of control, so I'll just address the remaining points and then (hopefully) not post on it anymore myself. In short, it comes down to whether or not you think that the inconvenience here is worth the added security. In my opinion, risks as slight as this aren't worth complicating everyone's environment. But it's just a judgment call.
Take ssh versus telnet, as an example. Some people were in favor of shutting off telnet access to the Zoo, but that would complicate things unnecessarily for some users. Would the security benefit there have really been tangible, or would it just prove a point?
(Don't focus on the fact that deleting telnet would eliminate choice, whereas either putting . in the path or not putting it there still gives people the option to change it. That's true but tangential. The issue is simply, "Do we complicate things for people when there's arguably no real benefit to doing so?")
Sure, it's great if people want to learn how to use ssh, find a client for their platform, etc. But to force this difficulty on them *would* be "elitist" in a particular sense: until ssh is more universal, it amounts to saying "we know so much more than you about this subject that we're willing to make your life more difficult because of it." This isn't a black-and-white issue; one day, ssh will probably be the standard way of connecting for most people (not just me and you), and then it'll be fine to get rid of telnet. Likewise, if the . problem were more likely and I were actually afraid that it'd hurt some Zoo user, I might be in favor of taking it out of the path.
As I said, it's just a judgment call. And it probably doesn't deserve this much debate -- Sorry!
Shawn