diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/20110704/004909.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/20110704/004909.html | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20110704/004909.html b/zarb-ml/mageia-discuss/20110704/004909.html new file mode 100644 index 000000000..2d3762904 --- /dev/null +++ b/zarb-ml/mageia-discuss/20110704/004909.html @@ -0,0 +1,118 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] mageiaupdate and the list of updates + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20mageiaupdate%20and%20the%20list%20of%20updates&In-Reply-To=%3C4E113C04.30400%40laposte.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="004905.html"> + <LINK REL="Next" HREF="004901.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] mageiaupdate and the list of updates</H1> + <B>andre999</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20mageiaupdate%20and%20the%20list%20of%20updates&In-Reply-To=%3C4E113C04.30400%40laposte.net%3E" + TITLE="[Mageia-discuss] mageiaupdate and the list of updates">andr55 at laposte.net + </A><BR> + <I>Mon Jul 4 06:05:24 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="004905.html">[Mageia-discuss] mageiaupdate and the list of updates +</A></li> + <LI>Next message: <A HREF="004901.html">[Mageia-discuss] mageiaupdate and the list of updates +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#4909">[ date ]</a> + <a href="thread.html#4909">[ thread ]</a> + <a href="subject.html#4909">[ subject ]</a> + <a href="author.html#4909">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Michael Scherer a écrit : +><i> Le samedi 02 juillet 2011 à 19:40 -0400, andre999 a écrit : +</I>>><i> Anne nicolas a écrit : +</I>>>><i> 2011/7/2 Romain d'Alverny<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">rdalverny at gmail.com</A>>: +</I>>>>><i> Le 2 juil. 2011 à 17:14, andre999<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">andr55 at laposte.net</A>> a écrit : +</I>>>>>><i> Suppose during the update process you have a check box to put a particular update on +</I>>>>>><i> the skip list, or another to uninstall the corresponding package. +</I>>>>><i> +</I>>>>><i> That would be an interesting option to investigate. +</I>>>>><i> +</I>>>>>><i> Note that if you can't uninstall a package because it is required, it is usually +</I>>>>>><i> inadvisable skip updates, unless you really understand the issues. +</I>>>>><i> +</I>>>>><i> So the user is stuck: unadvisable to skip the updates, unless she understands the issues +</I>>>>><i> => just make the update automatic in a background task by default then; one doesn't care +</I>>>>><i> about the issues - or won't have a single clue about it either, unless being a specific +</I>>>>><i> type of user that would know how to disable this auto update setting anyway). +</I>>>>><i> +</I>>>>>><i> Changing when the password is requested would reduce the security for the system, as +</I>>>>>><i> unauthorised users could see what is installed. +</I>>>>><i> +</I>>>>><i> Unauthorised users using an authorised session, to be more specific. +</I>>><i> +</I>>><i> Such a situation is far from rare in multi-user environments. +</I>>><i> But also if someone doesn't know the root password, currently they can't see +</I>>><i> what is installed. By delaying it until something is actually updated, they can +</I>>><i> see everything. So a remote user with limited privileges could more easily +</I>>><i> compromise the system. +</I>><i> +</I>><i> They can use rpm -qa on the terminal to know what is installed. +</I> +True. And those more likely to present security problems would know how to use +the terminal. + +><i> And they can use urpmq --auto-select to see the current update. +</I> +Ok. + +><i> In fact, one reason to not ask password before updating would simply be +</I>><i> to decide if we update now, or later, due to various network related +</I>><i> reason ( like using 3g, or slow wifi ). If I see a update of +</I>><i> libreoffice, I would prefer do it at home. +</I> +I do that sort of thing a lot myself. For the same reason. + +><i> And there is no technical reasons to ask for password before displaying +</I>><i> so I think we should ask it only for important reason ( ie, really +</I>><i> update ). +</I>><i> This would be consistent with others os ( os x ask the password only we +</I>><i> choose to update, so does Fedora/packagekit and Ubuntu/apt-daemon ). +</I> +You convinced me. +(Maybe I tend to be a little overly concerned about security.) + +So there are 2 things I'd like to see. +- Moving the password requirement to just before actual update. +- Adding rpmdrake feature to put a specific package (exact version) in the skip +list in an advanced mode. (Much like the advanced mode of diskdrake.) +With an option to edit the skip list to remove items. +(I know I could edit the skip list via the console, but it would be easier and +less subject to typos in rpmdrake. And I'm a bit lazy.) +-- +André +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="004905.html">[Mageia-discuss] mageiaupdate and the list of updates +</A></li> + <LI>Next message: <A HREF="004901.html">[Mageia-discuss] mageiaupdate and the list of updates +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#4909">[ date ]</a> + <a href="thread.html#4909">[ thread ]</a> + <a href="subject.html#4909">[ subject ]</a> + <a href="author.html#4909">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |