On Tue, Jan 3, 2012 at 11:08 AM, G.Wolfe Woodbury <redwo...@gmail.com> wrote: > It > is getting to the point that the security aspects of having a read-only > mount for userspace executables is being overridden by developer fiat. >
Can you clarify what you mean by this? I think the whole reason that RedHat is doing this is so that they can make /usr read-only, so that it only changes when you perform upgrades. I imagine the next step would be to use a trusted boot path and verify that partition when it is mounted. FHS has been brought up - I suspect the upstream projects that are sparking this move are quite aware that they're breaking compliance, so I doubt they're going to care if you file bugs pointing this out. No doubt after the change is made they'll lobby to revise FHS, and at that point since everybody will have gone along with it already there won't be much point in voicing objection. As with anything in FOSS - whoever has the developers gets to decide how things work. Anybody can file bugs or post on mailing lists, but the people writing the code will do what they do... Rich
