Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

[Joshua Judson Rosen]

On 1/19/21 1:08 PM, Gary E. Miller wrote:
> Yo Joshua!
>
> On Tue, 19 Jan 2021 12:17:11 -0500
> Joshua Judson Rosen <rozzin@hackerposse.com> wrote:
>
> > On 1/18/21 1:23 PM, Gary E. Miller wrote:
> > > If you wish to ignore my sage advice, feel free to run insecure
> > > systems.
> > >
> > > But this list is for discussion of gpsd.  Not sudo.
> >
> > Then why are you so insistent on discussing the general security
> > issues of sudo and whether people should use it at all, instead of
> > just describing what the actual issue is with _specifically as
> > applied to gpsd_?
>
> Because I hate wasting my time on dead ends. 
[...]
> The text clearly says that sudo breaks ubxtool examples.  What more do
> you need to know to not use sudo with ubxtool examples?

Good question--I thought that's what Bernd was saying in his initial response 
on Friday,
though he didn't phrase it as a question.
I would answer "nothing more". If that's all you want to say, why not
have your doc _just say that_?

You are the only one insisting that the users need to also be briefed in
general security issues related to sudo and AFAICT unrelated to gpsd or ubxtool.

If you want to just drop that discussion and reduce the text to something like:

        Do not run ubxtool with sudo!

        For some reason some users persist in using sudo with ubxtool. This is 
wrong:

            While ubxtool will run fine if root runs it, ubxtool never needs 
root access!

            Using sudo with some of these examples will break them--do not use 
sudo to run ubxtool.

... then everyone will likely stop giving you the feedback you requested on
the phrasing of those now-eliminated sudo/security advisories.

> I thought this was vey clear:
>
> https://gpsd.io/ubxtool-examples.html
>
>      ubxtool never needs root access, but will run fine as root.

I thought that statement was reasonably clear and complete as well
(though it could be slightly cleaned by rephrasing as I described above).
Especially if you just *stopped there* instead of rambling on about what are 
AFAICT
unrelated general sysadmin/security issues (especially since you then 
explicitly stated
"Please let us keep the discussion to the specifics at hand: running ubxtool 
under sudo.
general sysadmin issues should be discussed elsehere [sic?].")

> Howcum everyone wants to discuss this ad nauseum,

I'm sorry, but you've lost me. I'd like to offer constructive criticism of
your `implementation' (the text expressing your idea, whatever it is)
without having to join the fight over the idea itself--since I thought
you had asked for such feedback. But I can't figure out what the point
of this conversation is anymore.

AFAICT you're the one who keeps steering the conversation
back to "sudo security issues" etc. at all. Bernd and I have both
suggested just dropping that line of conversation entirely at this point.

Nobody else does want to talk about it, AFAICT.

The constant vacillation (to the point where I agreed with you
and you immediately shot back "I disagree") makes it look like you
are fighting with yourself.

I don't even understand what you're trying to accomplish at this point,
or what you're even seeking feedback on. I am thoroughly confused.

Some of the responses I'm getting from you just make no sense to me--
it's almost like you've lost track of whether you're responding
to me or to Bernd.

--
Connect with me on the GNU social network: 
<https://status.hackerposse.com/rozzin>
Not on the network? Ask me for an invitation to a social hub!