Subject: Re: PAM and su -K
To: Greywolf <>
From: Jason Thorpe <>
List: tech-userlevel
Date: 01/23/2005 10:11:11
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
On Jan 22, 2005, at 3:37 PM, Greywolf wrote:
> You can do that on your box. I happen to like systems that don't
> have quite so many single points of failure. If you wish to address
> things and call them "nonsense", I point you to /lib, a dynamically
> linked
> /sbin/init, and the whole notion of /rescue even being necessary.
Of course, I don't consider /rescue to be necessary (on production
systems; on development systems that one expects to break when testing
new code, sure, it can be useful there...).
And, if you want to talk about single points of failure, I'll refer you
to /netbsd.
If you want to prevent your shared libraries from accidentally being
deleted on a production system, then for goodness sake, chflags them
(and all other critical "read-only" files) to be immutable (it would be
pretty cool to have a "harden" option in the install for this, and
appropriate optional clauses in the system mtree spec).
> I'm not against what you want to do for yourself, but please don't cut
> my rope for me.
As soon as you step up and offer (and follow through) to maintain all
aspects of statically linking the NetBSD universe, then maybe I could
take this argument seriously. But until then, all I'm hearing from you
(and all the other people who irrationally fear an all-dynamic
universe) is an unreasonable demand to increase software maintenance
and development costs in a way that impedes the progress that the
NetBSD Project needs to make in order to stay relevant in the OS world.
-- Jason R. Thorpe <>
content-type: application/pgp-signature; x-mac-type=70674453;
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
Version: GnuPG v1.2.4 (Darwin)