
darkamaul | 3 months ago

This is a meaningful step! For years, XDG Base Directory compliance has been spotty across major applications. Firefox's adoption matters because it's widely used and its implementation may encourage others to follow suit.

The Arch Wiki documentation will likely need updates [1], but sadly the list of non-compliant software is far too long.

[1]: https://wiki.archlinux.org/title/XDG_Base_Directory


aidenn0|3 months ago

FWIW, the OpenSSH devs believe it to be a potential security risk to adopt XDG:

> Adding additional configuration paths is confusing and potentially risky for .ssh as, quite unlike usual "desktop" apps, it grants system access and having its configuration smeared across several possible paths makes managing this more confusing and brittle.[1]

I think this is clearly true for something like ~/.ssh/authorized_keys; it is perhaps less true for ~/.ssh/config and/or ~/.ssh/known_hosts, which could go in XDG_CONFIG_HOME and XDG_DATA_HOME, but if part of the point of the XDG BDS is to reduce dotfiles in $HOME then it makes less sense to move some, but not all of those files.

1: https://marc.info/?l=openssh-unix-dev&m=170687803731931&w=2

Avamander|3 months ago

I think most people are okay with software such as OpenSSH keeping its long-existing conventions. In the same way I don't think a lot of people mind ".bashrc" being where it is. It's manageable if there's just a few and they're well-known.

However, this "exemption" does not and should not apply to anything newer. Things like Cargo, Snap, Steam, Jupyter, Ghidra, Gradle, none of those should be putting their stuff (especially temporary junk) directly and unsegmented into $HOME.

At some point I had more than 50 different dotfiles and dotfolders in my $HOME. It was unwieldy and nasty to look at. I couldn't even figure out what created some of those files because they were so generic.

Plain $HOME as the dumping ground simply does not scale beyond a select few.

johnisgood|3 months ago

> configuration smeared across several possible paths

This does make things confusing, and while it may be inconvenient, it is not a security risk.

I use firejail with most apps and they do not have access to any other files than their own (most of the time).

FWIW, I am completely fine with ~/.ssh and I hope it keeps being ~/.ssh. I prefer SSH-related stuff to be in one place. Same with ~/.gnupg. I do not want to miss anything when I am making backups.

shmerl|3 months ago

Chromium is still polluting stuff with $HOME/.pki because it's not using libnss correctly and developers don't care to fix it, despite a longstanding open bug report.

Which results in everything that embeds Chromium (like QtWebEngine, etc.) polluting $HOME as well.

PunchyHamster|3 months ago

The most "fun" I had with the mess recently was after the icedove -> thunderbird name migration (it was renamed in Debian coz of some trademark issue).

Thunderbird, of course, kept mail and config in the same directory. The migration process renamed .icedove to .thunderbird and removed it.

But the config for mailboxes still had the .icedove/xyz path. So once config migration is finished, mails start to download in the old location, and after restarting, thunderbird goes "hey, there is both .icedove and .thunderbird dir, I'm not starting".

With XDG that config would be separate, so there would be no need to even move the data dir.

indolering|3 months ago

It's absurd that the list is so long considering the PR to fix it would only take a couple of hours.

longor1996|3 months ago

Given that many tools are relatively small, I'd almost argue it wouldn't take more than 30min, ignoring testing.