diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/20120208/006438.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/20120208/006438.html | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120208/006438.html b/zarb-ml/mageia-discuss/20120208/006438.html new file mode 100644 index 000000000..fd2e9839d --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006438.html @@ -0,0 +1,119 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] A possible risk ? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3CCA%2Bh4nj7Ns-tAHPmxQKcJm53h2%2Bipp-pGWG4hOqocJwjcwf09hw%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="006432.html"> + <LINK REL="Next" HREF="006440.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] A possible risk ?</H1> + <B>Wolfgang Bornath</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3CCA%2Bh4nj7Ns-tAHPmxQKcJm53h2%2Bipp-pGWG4hOqocJwjcwf09hw%40mail.gmail.com%3E" + TITLE="[Mageia-discuss] A possible risk ?">molch.b at googlemail.com + </A><BR> + <I>Wed Feb 8 16:13:57 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="006432.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006440.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6438">[ date ]</a> + <a href="thread.html#6438">[ thread ]</a> + <a href="subject.html#6438">[ subject ]</a> + <a href="author.html#6438">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>2012/2/8 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">misc at zarb.org</A>>: +><i> Le mercredi 08 février 2012 à 14:02 +0100, Wolfgang Bornath a écrit : +</I>>><i> 2012/2/8 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">misc at zarb.org</A>>: +</I>>><i> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a +</I>>><i> > écrit : +</I>>><i> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire +</I>>><i> >> Robinson who wrote: +</I>>><i> >> > > I ended up installing Mageia 1 on his box, but I wonder why does the +</I>>><i> >> > > distribution allow the user to potentially hose his system, when it +</I>>><i> >> > > requires the root password to install a prog ? +</I>>><i> >> > > Would it not make more sense to ask for the root password for the updates? +</I>>><i> >> +</I>>><i> >> > It is configurable in MCC. You can find it under Security => Configure +</I>>><i> >> > authentication for Mageia Tools. +</I>>><i> >> > Just select root for Update. +</I>>><i> >> +</I>>><i> >> Brilliant, thanks. +</I>>><i> >> +</I>>><i> >> But would it not make more sense to have the default changed to root ? +</I>>><i> > +</I>>><i> > That totally miss the point, which is that a upgrade hosed the system. +</I>>><i> > Would requiring the root password have changed that ? I doubt. +</I>>><i> +</I>>><i> No. What you are pointing at (the breakage of the system) is a matter +</I>>><i> to be looked at. +</I>><i> +</I>><i> In fact, the breakage is not our call, since this is on Mandriva. +</I> +May be, may be not - depends on the reasons why this upgrade went bad. +Pls remove the blinds. + +>><i> But the point you are missing is the security breakage.  If a user +</I>>><i> does not have the root password then there is a reason for that and he +</I>>><i> is probably working in an environment where only dedicated people have +</I>>><i> the permission to do system management and it is their task to do +</I>>><i> updates. +</I>><i> +</I>><i> Then in such environment, the sysadmin will set it so only him can do +</I>><i> update. If there is a admin, we should assume that he know what to do, +</I>><i> and restrict it accordingly, using the tools as explained by Claire. +</I> +No, it has been different for years and everybody was happy with the +setup except those who are too lazy using passwords at all. + +>><i> A private user who is on his own usually has the root +</I>>><i> password. So your point of missing security updates because of 2 +</I>>><i> passwords is not valid. +</I>><i> +</I>><i> What part of "having to keep 2 password is more complex than having one" +</I>><i> is wrong ? I have seen lots of people even asking to remove all +</I>><i> passwords since they do not care, so having 2 just worst. +</I> +Yes, I have seen postings like "why do I have to use passwords" and +"why can I not log in KDE as root" more than once. Are these people +our target group? If so than - have fun! What strikes me is that you +of all people are advocating a loosening of security with no real +reason. + +-- +wobo +</PRE> + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="006432.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006440.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6438">[ date ]</a> + <a href="thread.html#6438">[ thread ]</a> + <a href="subject.html#6438">[ subject ]</a> + <a href="author.html#6438">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |