On Wed, 06 Feb 2019 17:48:24 +0100, Liam Proven wrote:
> On 2/6/19 5:05 PM, Jeff Mahoney wrote:
> > It's a simple cost-benefit analysis. Developer time (even if it's volunteer) isn't free. If you want to invest your personal time in auditing and improving every file system that Linux supports, that's certainly your prerogative. As those file systems are improved, we can discuss removing them from the blacklist.
>
> But that's not how it works.
>
> I'm afraid that how it works is:
>
> "I tried $DISTRO-1 but it didn't work with $DISTRO-2 and $OTHER-OS, so I switched to $DISTRO-3 because it just worked."

Until the headline "all Linux systems using [filesystem that should have been blacklisted] exposed to fatal security flaw" shows up.

I'd rather be secure by default. You don't prevent security exploits from being used by saying "yeah, whatever, make it easy and don't give a damn about security until it's a problem" - because at the point the problem is reported, it's too late.

Like I said earlier, if you're offering to step up and do proper maintenance on these niche filesystems, that's great. They need it. But if you're not, then don't make my systems less secure because it's too inconvenient for you to uncomment a driver you need in a blacklist file on the systems you specifically need the feature on.

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits