From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-discuss/20110704/004900.html | 101 ++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 zarb-ml/mageia-discuss/20110704/004900.html (limited to 'zarb-ml/mageia-discuss/20110704/004900.html') diff --git a/zarb-ml/mageia-discuss/20110704/004900.html b/zarb-ml/mageia-discuss/20110704/004900.html new file mode 100644 index 000000000..a464279ba --- /dev/null +++ b/zarb-ml/mageia-discuss/20110704/004900.html @@ -0,0 +1,101 @@ + + + + [Mageia-discuss] mageiaupdate and the list of updates + + + + + + + + + +

[Mageia-discuss] mageiaupdate and the list of updates

+ Michael Scherer + misc at zarb.org +
+ Mon Jul 4 01:46:59 CEST 2011 +

+
+ +
Le samedi 02 juillet 2011 à 19:40 -0400, andre999 a écrit :
+> Anne nicolas a écrit :
+> > 2011/7/2 Romain d'Alverny<rdalverny at gmail.com>:
+> >> Le 2 juil. 2011 à 17:14, andre999<andr55 at laposte.net>  a écrit :
+> >>> Suppose during the update process you have a check box to put a particular update on
+> >>> the skip list, or another to uninstall the corresponding package.
+> >>
+> >> That would be an interesting option to investigate.
+> >>
+> >>> Note that if you can't uninstall a package because it is required, it is usually
+> >>> inadvisable skip updates, unless you really understand the issues.
+> >>
+> >> So the user is stuck: unadvisable to skip the updates, unless she understands the issues
+> >> =>  just make the update automatic in a background task by default then; one doesn't care
+> >> about the issues - or won't have a single clue about it either, unless being a specific
+> >> type of user that would know how to disable this auto update setting anyway).
+> >>
+> >>> Changing when the password is requested would reduce the security for the system, as
+> >>> unauthorised users could see what is installed.
+> >>
+> >> Unauthorised users using an authorised session, to be more specific.
+> 
+> Such a situation is far from rare in multi-user environments.
+> But also if someone doesn't know the root password, currently they can't see 
+> what is installed.  By delaying it until something is actually updated, they can 
+> see everything.  So a remote user with limited privileges could more easily 
+> compromise the system.
+
+They can use rpm -qa on the terminal to know what is installed.
+
+And they can use urpmq --auto-select to see the current update.
+
+In fact, one reason to not ask password before updating would simply be
+to decide if we update now, or later, due to various network related
+reason ( like using 3g, or slow wifi ). If I see a update of
+libreoffice, I would prefer do it at home.
+
+And there is no technical reasons to ask for password before displaying
+so I think we should ask it only for important reason ( ie, really
+update ).
+This would be consistent with others os ( os x ask the password only we
+choose to update, so does Fedora/packagekit and Ubuntu/apt-daemon ).
+
+-- 
+Michael Scherer
+
+
+ + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ -- cgit v1.2.1