diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/20120208/007766.html')
-rw-r--r-- | zarb-ml/mageia-discuss/20120208/007766.html | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120208/007766.html b/zarb-ml/mageia-discuss/20120208/007766.html new file mode 100644 index 000000000..187de6d3c --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/007766.html @@ -0,0 +1,117 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] A possible risk ? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3C201202081335.03633.cannewilson%40googlemail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="006428.html"> + <LINK REL="Next" HREF="006430.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] A possible risk ?</H1> + <B>Anne Wilson</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3C201202081335.03633.cannewilson%40googlemail.com%3E" + TITLE="[Mageia-discuss] A possible risk ?">cannewilson at googlemail.com + </A><BR> + <I>Wed Feb 8 14:51:27 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="006428.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006430.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7766">[ date ]</a> + <a href="thread.html#7766">[ thread ]</a> + <a href="subject.html#7766">[ subject ]</a> + <a href="author.html#7766">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Wednesday 08 February 2012 12:50:46 Anne Wilson wrote: +><i> Am 08.02.2012 13:35, schrieb Michael Scherer: +</I>><i> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a +</I>><i> > +</I>><i> > écrit : +</I>><i> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from +</I>><i> >> Claire +</I>><i> >> +</I>><i> >> Robinson who wrote: +</I>><i> >>>> I ended up installing Mageia 1 on his box, but I wonder why does the +</I>><i> >>>> distribution allow the user to potentially hose his system, when it +</I>><i> >>>> requires the root password to install a prog ? +</I>><i> >>>> Would it not make more sense to ask for the root password for the +</I>><i> >>>> updates? +</I>><i> >>> +</I>><i> >>> It is configurable in MCC. You can find it under Security => Configure +</I>><i> >>> authentication for Mageia Tools. +</I>><i> >>> Just select root for Update. +</I>><i> >> +</I>><i> >> Brilliant, thanks. +</I>><i> >> +</I>><i> >> But would it not make more sense to have the default changed to root ? +</I>><i> > +</I>><i> > That totally miss the point, which is that a upgrade hosed the system. +</I>><i> > Would requiring the root password have changed that ? I doubt. +</I>><i> > +</I>><i> > However, if the user cannot do upgrade without asking to someone else +</I>><i> > ( because that's the whole point of having 2 different passwords, else, +</I>><i> > that's just a nuisance that will confuse most people ), then he will +</I>><i> > likely miss security and bugfixes updates, and that's problematic. +</I>><i> > +</I>><i> > And I truly doubt that having a separate person ( ie, asking to someone +</I>><i> > else who has the root password ) would have avoid any issues due to +</I>><i> > upgrade. I am pretty sure that both of us would have also updated the +</I>><i> > computer. +</I>><i> > +</I>><i> > The risk is the lack of QA, and I have been repeating this since a long +</I>><i> > time. If people cannot trust updates, they will use them, and they face +</I>><i> > issues and security problems, and that will tarnish our reputation, +</I>><i> > among others. +</I>><i> +</I>><i> Well, you also miss the point if the cause for this breakage (maybe some +</I>><i> packages that are currently missing/only available in an older version +</I>><i> compared to Mandriva) is not reported, we can't really fix it, no? +</I>><i> +</I>><i> So just telling: "An upgrade from Mandriva broke my machine" will do no +</I>><i> good at all, +</I>><i> IMHO. +</I> +Having just lost a week when an update broke my CentOS box, I should point out +that I have no idea what caused the breakage - and when the system is unusable +there are no logs either. I understand your concern, but it may not be +possible for the user to give you that information. + +I agree with Michael Scherer that the security setting is not the issue. Not +only would an admin guy, if one exists, have done the update, but also the +user cannot keep his machine secure without help. I have some very non-techy +users in my family and expect them to accept updates whenever they are offered. +They are told to contact me if they see any messages they don't understand, +but otherwise, carry on, and it works well. + +Anne +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="006428.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006430.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7766">[ date ]</a> + <a href="thread.html#7766">[ thread ]</a> + <a href="subject.html#7766">[ subject ]</a> + <a href="author.html#7766">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |