On Fri, Aug 29, 2025 at 04:27:04PM -0500, Aaron Rainbolt wrote:
> Control: severity -1 serious

The severity of a bug is at the discretion of the package maintainer,
unless overridden by a delegate. AFAICT you are neither, so
please stop changing the bug severity.

> On Fri, 29 Aug 2025 23:03:37 +0200
> Chris Hofstaedtler <[email protected]> wrote:
> 
> > Control: severity -1 wishlist
> > 
> > On Fri, Aug 29, 2025 at 03:33:09PM -0500, Aaron Rainbolt wrote:
> > > `write` and `msg` are both parts of POSIX as explained earlier  
> > 
> > write and mesg were removed due to security reasons. This part of 
> > POSIX is inherently insecure and unfixable.
> > 
> > We're not gonna turn them back on.
> > 
> The inherently insecure, unfixable security issues were remediated by
> disabling the SGID bit on the executables.

They are not. Running 'mesg y' reopens the security hole ('write' 
being only one of the tools that could be used). For trixie I tried 
to have the defaults always be the equivalent of 'mesg n', or 
better.

I consider write, mesg to be legacy interfaces. On a typical 
install, they are purely dead weight.

I forgot if write even -works- on a default install, ISTR the answer 
is 'no' (even after 'mesg y'). IIRC wall is also challenged on the 
default install, but I opted to keep it for the sake of non-default 
installs (sysvinit, etc). 

I truly believe we are better off without these tools. I doubt 
policy confines us to be a POSIX-compliant distro, and I would also 
expect us to not be at any time. Bringing these tools back brings us 
- from my PoV - nothing.

I also think your comment comparing these tools with other tools
is an incorrect comparison. write/mesg/wall had a very small
use case; ls is used by a lot more people. If ls were mostly
useless on a default/typical install, it could also go away.

Chris
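
The two states argued over in this thread (the SGID bit on the executables, and terminals left in the 'mesg y' state) can both be checked from file modes. The following is an added example, not part of the message above or of any Debian package. It assumes the conventional mechanism in which 'mesg y' sets the group-write bit on the user's terminal device and the messaging tools reach it through a set-group-ID bit; the function names and the `/dev/pts` glob are illustrative choices.

```python
import glob
import os
import shutil
import stat


def accepts_messages(mode: int) -> bool:
    """True when the group-write bit is set, i.e. the 'mesg y' state."""
    return bool(mode & stat.S_IWGRP)


def is_sgid(mode: int) -> bool:
    """True when a regular file carries the set-group-ID bit."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISGID)


def audit(tty_paths, tool_paths):
    """Return (terminals open to messages, tools installed SGID)."""
    open_ttys, sgid_tools = [], []
    for path in tty_paths:
        try:
            if accepts_messages(os.stat(path).st_mode):
                open_ttys.append(path)
        except OSError:
            continue  # terminal closed between listing and stat
    for path in tool_paths:
        try:
            if is_sgid(os.stat(path).st_mode):
                sgid_tools.append(path)
        except OSError:
            continue  # tool not installed
    return open_ttys, sgid_tools


if __name__ == "__main__":
    # Assumption: pseudo-terminals live under /dev/pts; the tools are
    # located through PATH instead of hard-coded install paths.
    ttys = glob.glob("/dev/pts/[0-9]*")
    tools = [p for p in map(shutil.which, ("write", "wall")) if p]
    open_ttys, sgid_tools = audit(ttys, tools)
    print("terminals in 'mesg y' state:", open_ttys or "none")
    print("messaging tools with SGID bit:", sgid_tools or "none")
```
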
