I am removing the meeting tag for now, because FESCo decided today that we are going to attempt to vote on more tickets via in-ticket voting as opposed to meetings. We decided that a ticket can be approved if it gets +3 in a week, unless a FESCo member wants to discuss it in a meeting in which case they can add the meeting label.

That said, I am +1 to the change. I do not believe this is a security risk since any attacker that can edit ~/bin can just as easily edit the user's PATH, and if you have someone on your machine with that capability then the PATH isn't going to save you.

To further clarify, the ticket must remain open for voting for a week, meaning that if it gets +3 immediately, it still needs to stay open to allow other FESCo members to vote or add the meeting tag. if the meeting tag is added the decision will be deferred until it is discussed in a meeting.

+1 to the change

I'm personally convinced that this is the right thing to do. Nevertheless, it's a very contentious issue, and certainly not all developers are convinced that this it the right thing to do. I think we should discuss this in a meeting to give those people anther chance to participate and voice their concerns during a live chat. Also, I think we should decide such contentious issues by a full vote. I'll re-add the meeting tag.

+1 to the change, I am not convinced that a chat will create actual benefit. I am not sure why people actually see a problem here (other that security theater) since the arguments for it being security-critical all seem to be far stretched or use constructed examples.

Yep, I agree. But public process is there for a reason. And my second reason, a full vote, stands independently.

+1

• 1913 F29 Self Contained Change: User PATH Prioritization (sgallagh, 15:33:51)
  • AGREED: FESCo accepts the F29 Self Contained Change: User PATH Prioritization (+6, 1, -0) (sgallagh, 15:41:10)