[Discuss] Debian 12 vs. WSL 1

[richard.pieri at gmail.com (Rich Pieri)]

On Tue, 20 Jun 2023 14:08:11 -0500
Derek Martin <invalid at pizzashack.org> wrote:

> Obviously I disagree, particularly when the customizations are
> basically trivial, one-time work.

That's the rub. You see it as a one-time thing. Whereas I see it as a
one-time thing times the approximately 4000 machines and counting that
I've deployed as part of my job, one that actively makes my job more
complicated due to all these thousands of one-time things breaking
in-place upgrades of various systems.


> Demonstrate how you can subvert this as a non-root user (assume your
> sysadmin/vendor/developer is not a moron), and we'll talk again.  Just
> because you found a vendor who got it wrong doesn't mean it's a
> problem.

I call straw-man. One simplistic example in a vacuum where I do not
immediately see an exploit in your code does not demonstrate that all
of your code in all of your environments is immune to compromise.

I also think I'm finished here. I encountered a known problem that
sysadmins can encounter with implementing UsrMerge. I provided a
workaround for sysadmins who encounter the same problem, one that I
think is easier to execute than the one Debian suggests. The end.

If you want to debate the merits of UsrMerge vs split /usr then do it
with someone who cares.

-- 
\m/ (--) \m/