diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/20120208/006432.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/20120208/006432.html | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120208/006432.html b/zarb-ml/mageia-discuss/20120208/006432.html new file mode 100644 index 000000000..331c04dc6 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006432.html @@ -0,0 +1,121 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] A possible risk ? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3C1328711248.2207.43.camel%40liliana.cdg.redhat.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="006430.html"> + <LINK REL="Next" HREF="006438.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] A possible risk ?</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3C1328711248.2207.43.camel%40liliana.cdg.redhat.com%3E" + TITLE="[Mageia-discuss] A possible risk ?">misc at zarb.org + </A><BR> + <I>Wed Feb 8 15:27:28 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="006430.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006438.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6432">[ date ]</a> + <a href="thread.html#6432">[ thread ]</a> + <a href="subject.html#6432">[ subject ]</a> + <a href="author.html#6432">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le mercredi 08 février 2012 à 14:02 +0100, Wolfgang Bornath a écrit : +><i> 2012/2/8 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">misc at zarb.org</A>>: +</I>><i> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a +</I>><i> > écrit : +</I>><i> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire +</I>><i> >> Robinson who wrote: +</I>><i> >> > > I ended up installing Mageia 1 on his box, but I wonder why does the +</I>><i> >> > > distribution allow the user to potentially hose his system, when it +</I>><i> >> > > requires the root password to install a prog ? +</I>><i> >> > > Would it not make more sense to ask for the root password for the updates? +</I>><i> >> +</I>><i> >> > It is configurable in MCC. You can find it under Security => Configure +</I>><i> >> > authentication for Mageia Tools. +</I>><i> >> > Just select root for Update. +</I>><i> >> +</I>><i> >> Brilliant, thanks. +</I>><i> >> +</I>><i> >> But would it not make more sense to have the default changed to root ? +</I>><i> > +</I>><i> > That totally miss the point, which is that a upgrade hosed the system. +</I>><i> > Would requiring the root password have changed that ? I doubt. +</I>><i> +</I>><i> No. What you are pointing at (the breakage of the system) is a matter +</I>><i> to be looked at. +</I> +In fact, the breakage is not our call, since this is on Mandriva. + +Read again : "I just had a call for help from a friend who used the +Sytem Update applet to update his Mandriva 2010.2 install and ended up +with an un-usable machine, KDE +crashing when opening a session." + +So basically, a mandriva update applied on a mandriva system did go +wrong, without explaining why or what caused issues ( could have been +various stuff, from bad packages or updates breakage, and given the lack +of evidence and information, we cannot conclude much, except this is not +our problem at all since this is on Mandriva ). + +><i> But the point you are missing is the security breakage. If a user +</I>><i> does not have the root password then there is a reason for that and he +</I>><i> is probably working in an environment where only dedicated people have +</I>><i> the permission to do system management and it is their task to do +</I>><i> updates. +</I> +Then in such environment, the sysadmin will set it so only him can do +update. If there is a admin, we should assume that he know what to do, +and restrict it accordingly, using the tools as explained by Claire. + +><i> A private user who is on his own usually has the root +</I>><i> password. So your point of missing security updates because of 2 +</I>><i> passwords is not valid. +</I> +What part of "having to keep 2 password is more complex than having one" +is wrong ? I have seen lots of people even asking to remove all +passwords since they do not care, so having 2 just worst. + + +-- +Michael Scherer + +</PRE> + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="006430.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI>Next message: <A HREF="006438.html">[Mageia-discuss] A possible risk ? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6432">[ date ]</a> + <a href="thread.html#6432">[ thread ]</a> + <a href="subject.html#6432">[ subject ]</a> + <a href="author.html#6432">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |