Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think you may have misread.

> I first spent weeks arguing on a bugzilla that the security policy of requiring the root password for changing the timezone

The time zone is a completely presentational setting, something that users can be expected to want to change every so often. And it has no relation to timestamps.



Changing time zones can fuck up a server application.


Time zone setting can (and should) be a user-specific setting.

Since a server application most likely isn't running as a the same user as the "real" logged-in user, there's no reason anything bad would happen.


CAN and SHOULD. but it's NOT.


Try 'export TZ=my/timezone/name' sometime.


What on earth are you doing using time zones in a server application? Time zone is purely presentation, you should be storing and calculating everything in UTC and only converting to time zone for presentation to a user based on that user's time zone (either via a user defined setting for your application or based on the current time zone setting of a user's system). You should never, ever, ever use the server's time zone to determine presentation to a user (or for anything really).


No, the server application should have it's own timezone setting, like almost any serious server has, and/or use UTC time.

And a distro must not assume you're using it for server applications, when you install a personal installation on your laptop.


don't tell me. tell the linux developers who created the server application.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: