From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-discuss/20120208/006415.html | 64 ++++++ zarb-ml/mageia-discuss/20120208/006416.html | 64 ++++++ zarb-ml/mageia-discuss/20120208/006417.html | 67 ++++++ zarb-ml/mageia-discuss/20120208/006418.html | 65 ++++++ zarb-ml/mageia-discuss/20120208/006419.html | 84 +++++++ zarb-ml/mageia-discuss/20120208/006420.html | 89 ++++++++ zarb-ml/mageia-discuss/20120208/006421.html | 97 ++++++++ zarb-ml/mageia-discuss/20120208/006422.html | 80 +++++++ zarb-ml/mageia-discuss/20120208/006423.html | 68 ++++++ zarb-ml/mageia-discuss/20120208/006424.html | 141 ++++++++++++ zarb-ml/mageia-discuss/20120208/006425.html | 97 ++++++++ zarb-ml/mageia-discuss/20120208/006426.html | 104 +++++++++ zarb-ml/mageia-discuss/20120208/006427.html | 95 ++++++++ zarb-ml/mageia-discuss/20120208/006428.html | 101 +++++++++ zarb-ml/mageia-discuss/20120208/006429.html | 79 +++++++ zarb-ml/mageia-discuss/20120208/006430.html | 96 ++++++++ zarb-ml/mageia-discuss/20120208/006431.html | 95 ++++++++ zarb-ml/mageia-discuss/20120208/006432.html | 121 ++++++++++ zarb-ml/mageia-discuss/20120208/006433.html | 97 ++++++++ zarb-ml/mageia-discuss/20120208/006434.html | 81 +++++++ zarb-ml/mageia-discuss/20120208/006435.html | 73 ++++++ zarb-ml/mageia-discuss/20120208/006436.html | 101 +++++++++ zarb-ml/mageia-discuss/20120208/006437.html | 107 +++++++++ zarb-ml/mageia-discuss/20120208/006438.html | 119 ++++++++++ zarb-ml/mageia-discuss/20120208/006439.html | 95 ++++++++ zarb-ml/mageia-discuss/20120208/006440.html | 73 ++++++ zarb-ml/mageia-discuss/20120208/006441.html | 83 +++++++ zarb-ml/mageia-discuss/20120208/006442.html | 81 +++++++ zarb-ml/mageia-discuss/20120208/006443.html | 91 ++++++++ zarb-ml/mageia-discuss/20120208/006444.html | 101 +++++++++ zarb-ml/mageia-discuss/20120208/006445.html | 104 +++++++++ zarb-ml/mageia-discuss/20120208/006446.html | 119 ++++++++++ zarb-ml/mageia-discuss/20120208/006447.html | 84 +++++++ zarb-ml/mageia-discuss/20120208/006448.html | 106 +++++++++ zarb-ml/mageia-discuss/20120208/006449.html | 89 ++++++++ zarb-ml/mageia-discuss/20120208/006450.html | 100 +++++++++ zarb-ml/mageia-discuss/20120208/006451.html | 95 ++++++++ zarb-ml/mageia-discuss/20120208/006452.html | 74 ++++++ zarb-ml/mageia-discuss/20120208/006453.html | 69 ++++++ zarb-ml/mageia-discuss/20120208/006454.html | 78 +++++++ zarb-ml/mageia-discuss/20120208/006455.html | 66 ++++++ zarb-ml/mageia-discuss/20120208/007766.html | 117 ++++++++++ zarb-ml/mageia-discuss/20120208/007767.html | 66 ++++++ zarb-ml/mageia-discuss/20120208/author.html | 262 ++++++++++++++++++++++ zarb-ml/mageia-discuss/20120208/date.html | 262 ++++++++++++++++++++++ zarb-ml/mageia-discuss/20120208/index.html | 1 + zarb-ml/mageia-discuss/20120208/subject.html | 262 ++++++++++++++++++++++ zarb-ml/mageia-discuss/20120208/thread.html | 321 +++++++++++++++++++++++++++ 48 files changed, 4984 insertions(+) create mode 100644 zarb-ml/mageia-discuss/20120208/006415.html create mode 100644 zarb-ml/mageia-discuss/20120208/006416.html create mode 100644 zarb-ml/mageia-discuss/20120208/006417.html create mode 100644 zarb-ml/mageia-discuss/20120208/006418.html create mode 100644 zarb-ml/mageia-discuss/20120208/006419.html create mode 100644 zarb-ml/mageia-discuss/20120208/006420.html create mode 100644 zarb-ml/mageia-discuss/20120208/006421.html create mode 100644 zarb-ml/mageia-discuss/20120208/006422.html create mode 100644 zarb-ml/mageia-discuss/20120208/006423.html create mode 100644 zarb-ml/mageia-discuss/20120208/006424.html create mode 100644 zarb-ml/mageia-discuss/20120208/006425.html create mode 100644 zarb-ml/mageia-discuss/20120208/006426.html create mode 100644 zarb-ml/mageia-discuss/20120208/006427.html create mode 100644 zarb-ml/mageia-discuss/20120208/006428.html create mode 100644 zarb-ml/mageia-discuss/20120208/006429.html create mode 100644 zarb-ml/mageia-discuss/20120208/006430.html create mode 100644 zarb-ml/mageia-discuss/20120208/006431.html create mode 100644 zarb-ml/mageia-discuss/20120208/006432.html create mode 100644 zarb-ml/mageia-discuss/20120208/006433.html create mode 100644 zarb-ml/mageia-discuss/20120208/006434.html create mode 100644 zarb-ml/mageia-discuss/20120208/006435.html create mode 100644 zarb-ml/mageia-discuss/20120208/006436.html create mode 100644 zarb-ml/mageia-discuss/20120208/006437.html create mode 100644 zarb-ml/mageia-discuss/20120208/006438.html create mode 100644 zarb-ml/mageia-discuss/20120208/006439.html create mode 100644 zarb-ml/mageia-discuss/20120208/006440.html create mode 100644 zarb-ml/mageia-discuss/20120208/006441.html create mode 100644 zarb-ml/mageia-discuss/20120208/006442.html create mode 100644 zarb-ml/mageia-discuss/20120208/006443.html create mode 100644 zarb-ml/mageia-discuss/20120208/006444.html create mode 100644 zarb-ml/mageia-discuss/20120208/006445.html create mode 100644 zarb-ml/mageia-discuss/20120208/006446.html create mode 100644 zarb-ml/mageia-discuss/20120208/006447.html create mode 100644 zarb-ml/mageia-discuss/20120208/006448.html create mode 100644 zarb-ml/mageia-discuss/20120208/006449.html create mode 100644 zarb-ml/mageia-discuss/20120208/006450.html create mode 100644 zarb-ml/mageia-discuss/20120208/006451.html create mode 100644 zarb-ml/mageia-discuss/20120208/006452.html create mode 100644 zarb-ml/mageia-discuss/20120208/006453.html create mode 100644 zarb-ml/mageia-discuss/20120208/006454.html create mode 100644 zarb-ml/mageia-discuss/20120208/006455.html create mode 100644 zarb-ml/mageia-discuss/20120208/007766.html create mode 100644 zarb-ml/mageia-discuss/20120208/007767.html create mode 100644 zarb-ml/mageia-discuss/20120208/author.html create mode 100644 zarb-ml/mageia-discuss/20120208/date.html create mode 120000 zarb-ml/mageia-discuss/20120208/index.html create mode 100644 zarb-ml/mageia-discuss/20120208/subject.html create mode 100644 zarb-ml/mageia-discuss/20120208/thread.html (limited to 'zarb-ml/mageia-discuss/20120208') diff --git a/zarb-ml/mageia-discuss/20120208/006415.html b/zarb-ml/mageia-discuss/20120208/006415.html new file mode 100644 index 000000000..492eb4479 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006415.html @@ -0,0 +1,64 @@ + + + + [Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1 + + + + + + + + + +

[Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1

+ Olav Vitters + olav at vitters.nl +
+ Wed Feb 8 07:15:49 CET 2012 +

+
+ +
On Tue, Feb 07, 2012 at 08:19:57PM +0100, Juergen Harms wrote:
+> About 21 seconds for Mageia 1, 61 seconds for an up-to-date Mageia 2.
+
+Please give the output of:
+systemd-analyse plot > systemd-boot-plot.svg
+
+(not for me, for others:)
+-- 
+Regards,
+Olav
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006416.html b/zarb-ml/mageia-discuss/20120208/006416.html new file mode 100644 index 000000000..5bbf19695 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006416.html @@ -0,0 +1,64 @@ + + + + [Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1 + + + + + + + + + +

[Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1

+ Juergen Harms + Juergen.Harms at unige.ch +
+ Wed Feb 8 11:29:07 CET 2012 +

+
+ +
On 02/08/2012 07:15 AM, Olav Vitters wrote:
+> Please give the output of:
+> systemd-analyse plot>  systemd-boot-plot.svg
+
+That gives a message of > 300 kbytes, might be hard on people who have a 
+slow connection. I am trying to put it on the server at my lab, but 
+presently have problems with that- do you have a better suggestion ?
+
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006417.html b/zarb-ml/mageia-discuss/20120208/006417.html new file mode 100644 index 000000000..73f10af66 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006417.html @@ -0,0 +1,67 @@ + + + + [Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1 + + + + + + + + + +

[Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1

+ Florian Hubold + doktor5000 at arcor.de +
+ Wed Feb 8 11:34:55 CET 2012 +

+
+ +
Am 08.02.2012 11:29, schrieb Juergen Harms:
+> On 02/08/2012 07:15 AM, Olav Vitters wrote:
+>> Please give the output of:
+>> systemd-analyse plot>  systemd-boot-plot.svg
+>
+> That gives a message of > 300 kbytes, might be hard on people who have a slow
+> connection. I am trying to put it on the server at my lab, but presently have
+> problems with that- do you have a better suggestion ?
+>
+>
+Upload it to any one-click-hoster or FTP and give a link here?
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006418.html b/zarb-ml/mageia-discuss/20120208/006418.html new file mode 100644 index 000000000..0d863b830 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006418.html @@ -0,0 +1,65 @@ + + + + [Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1 + + + + + + + + + +

[Mageia-discuss] Mageia 2 bootstrap time is 3 times that of Mageia1

+ Juergen Harms + Juergen.Harms at unige.ch +
+ Wed Feb 8 11:41:17 CET 2012 +

+
+ +
The reason for my problem was a simple typo - needed our system engineer 
+to sort that out - this is my sloppy day. You can retrieve the file at
+
+http://cui.unige.ch/~harms/Download/systemd-boot-plot.svg
+
+Looks like substantial time is spent in network configuration: my 
+controller is an 82566DM-2, I am using the drivers installed at 
+sysinstall (and sysinstall fails at network initialisation, but the 
+network comes up at boot time - there exists a bug report on this issue).
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006419.html b/zarb-ml/mageia-discuss/20120208/006419.html new file mode 100644 index 000000000..dbd81a062 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006419.html @@ -0,0 +1,84 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 12:29:49 CET 2012 +

+
+ +
I just had a call for help from a friend who used the Sytem Update applet to 
+update his Mandriva 2010.2 install and ended up with an un-usable machine, KDE 
+crashing when opening a session.
+
+ Never having used the System Upgrade applet before, I was surprised to see 
+that it only requires the user password to launch a system update, in Mageia 
+as well as in Mandriva.
+
+I ended up installing Mageia 1 on his box, but I wonder why does the 
+distribution allow the user to potentially hose his system, when it requires 
+the root password to install a prog ?
+
+Would it not make more sense to ask for the root password for the updates ?
+
+Cheers,
+ 
+Ron.
+
+PS User has been warned against updating in the future ! 
+And as he is worried about his system going down when I am not available to 
+help, I am going to make a new partition, and put in it another install of a 
+different version of the distribution, just in case. 
+-- 
+                            Oderint, dum metuant.
+                                        -- Accius
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006420.html b/zarb-ml/mageia-discuss/20120208/006420.html new file mode 100644 index 000000000..ba5dcae3c --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006420.html @@ -0,0 +1,89 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Claire Robinson + eeeemail at gmail.com +
+ Wed Feb 8 12:37:26 CET 2012 +

+
+ +
On 08/02/12 11:29, Renaud (Ron) Olgiati wrote:
+> I just had a call for help from a friend who used the Sytem Update applet to
+> update his Mandriva 2010.2 install and ended up with an un-usable machine, KDE
+> crashing when opening a session.
+>
+>   Never having used the System Upgrade applet before, I was surprised to see
+> that it only requires the user password to launch a system update, in Mageia
+> as well as in Mandriva.
+>
+> I ended up installing Mageia 1 on his box, but I wonder why does the
+> distribution allow the user to potentially hose his system, when it requires
+> the root password to install a prog ?
+>
+> Would it not make more sense to ask for the root password for the updates ?
+>
+> Cheers,
+>
+> Ron.
+>
+> PS User has been warned against updating in the future !
+> And as he is worried about his system going down when I am not available to
+> help, I am going to make a new partition, and put in it another install of a
+> different version of the distribution, just in case.
+
+
+It is configurable in MCC. You can find it under Security => Configure 
+authentication for Mageia Tools.
+
+Just select root for Update.
+
+HTH
+Claire
+
+ + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006421.html b/zarb-ml/mageia-discuss/20120208/006421.html new file mode 100644 index 000000000..41df3b984 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006421.html @@ -0,0 +1,97 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ AL13N + alien at rmail.be +
+ Wed Feb 8 12:52:24 CET 2012 +

+
+ +
> On 08/02/12 11:29, Renaud (Ron) Olgiati wrote:
+[...]
+> It is configurable in MCC. You can find it under Security => Configure
+> authentication for Mageia Tools.
+>
+> Just select root for Update.
+[...]
+
+I had understood his point as the difference between updates and upgrades.
+or am I mistaken?
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006422.html b/zarb-ml/mageia-discuss/20120208/006422.html new file mode 100644 index 000000000..fc483970b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006422.html @@ -0,0 +1,80 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 12:47:57 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire 
+Robinson who wrote:
+> > I ended up installing Mageia 1 on his box, but I wonder why does the
+> > distribution allow the user to potentially hose his system, when it
+> > requires the root password to install a prog ?
+> > Would it not make more sense to ask for the root password for the updates?
+
+> It is configurable in MCC. You can find it under Security => Configure 
+> authentication for Mageia Tools.
+> Just select root for Update.
+
+Brilliant, thanks.
+
+But would it not make more sense to have the default changed to root ?
+ 
+Cheers,
+ 
+Ron.
+-- 
+     Puritanism: The haunting fear that someone, somewhere, may be happy.
+                                                   -- Henry Louis Mencken
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006423.html b/zarb-ml/mageia-discuss/20120208/006423.html new file mode 100644 index 000000000..220cea845 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006423.html @@ -0,0 +1,68 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Sander Lepik + sander.lepik at eesti.ee +
+ Wed Feb 8 12:56:38 CET 2012 +

+
+ +
08.02.2012 13:47, Renaud (Ron) Olgiati kirjutas:
+> Brilliant, thanks.
+>
+> But would it not make more sense to have the default changed to root ?
+Updates shouldn't break system and so i think they should be enabled for 
+normal users. Upgrades is something else and should be disabled for 
+normal users. You can report bug about this problem.
+
+--
+Sander
+
+
+ + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006424.html b/zarb-ml/mageia-discuss/20120208/006424.html new file mode 100644 index 000000000..3ffe1ef89 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006424.html @@ -0,0 +1,141 @@ + + + + [Mageia-discuss] GSOC 2012 + + + + + + + + + +

[Mageia-discuss] GSOC 2012

+ Michael Scherer + misc at zarb.org +
+ Wed Feb 8 13:24:01 CET 2012 +

+
+ +
Hi,
+
+Google announced during FOSDEM that the summer of code program 2012 have
+been launched officially :
+http://google-opensource.blogspot.com/2012/02/google-summer-of-code-2012-is-on.html
+
+( for people who never have heard of, just follow the links and then ask
+questions here )
+
+I have opened a page on our wiki so we can try to apply to the program
+this year : 
+https://wiki.mageia.org/en/SummerOfCode2012
+
+There is the application proposal, as long as answers for the questions
+( found in the FAQ )
+
+I also put 2 draft proposals, that I found after taking a shower, but do
+not hesitate to place more. Please also follow the format I used, since
+it should explain to student what they need, what they learn, and who to
+contact. Feel free to add almost complete proposal, but do not try to
+add too much. To cope with possible problem, please find a backup mentor
+ 
+The deadline is rather tight, so do not lose much time. I propose to
+review the various proposals in 2 weeks, and keep those that follow
+simple criterias :
+- have a committed member of the community as mentor
+- take only a limited number of proposal per mentor ( to avoid him being
+overloded ), I guess 2 or 3 would be enough
+- have a backup ( no backup, no proposal, no exception )
+- have realistic and interesting project for a student in a 2 months
+time frame.
+
+Keep in mind that the deadline will be around the release of Mageia 2,
+so this may affect availability of mentors. 
+
+What to do :
+- complete the page started on the wiki. There is still various TODO to
+put what is still needed to be fixed. 
+- add links to various sources of information, be it others
+organisations applying, or summary of do and don't, etc.
+- review
+http://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2012/org_admin_agreement
+and see if we can accept that
+- find a backup for the administration of the program. Also, if someone
+is volunteer to be the main admin, I would be relived  to not be that
+one ( even if, as the one proposing that we participate, I am the de
+facto volunteer for that position )
+- clean the proposal page from drafts before applying
+- apply
+
+I guess we could use a blog post for that, but we have first to speak of
+fosdem, of the sysadmin trip to datacenter, etc.
+
+-- 
+Michael Scherer
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006425.html b/zarb-ml/mageia-discuss/20120208/006425.html new file mode 100644 index 000000000..d1db73e4b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006425.html @@ -0,0 +1,97 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Michael Scherer + misc at zarb.org +
+ Wed Feb 8 13:35:01 CET 2012 +

+
+ +
Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+écrit :
+> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire 
+> Robinson who wrote:
+> > > I ended up installing Mageia 1 on his box, but I wonder why does the
+> > > distribution allow the user to potentially hose his system, when it
+> > > requires the root password to install a prog ?
+> > > Would it not make more sense to ask for the root password for the updates?
+> 
+> > It is configurable in MCC. You can find it under Security => Configure 
+> > authentication for Mageia Tools.
+> > Just select root for Update.
+> 
+> Brilliant, thanks.
+> 
+> But would it not make more sense to have the default changed to root ?
+
+That totally miss the point, which is that a upgrade hosed the system.
+Would requiring the root password have changed that ? I doubt. 
+
+However, if the user cannot do upgrade without asking to someone else
+( because that's the whole point of having 2 different passwords, else,
+that's just a nuisance that will confuse most people ), then he will
+likely miss security and bugfixes updates, and that's problematic. 
+
+And I truly doubt that having a separate person ( ie, asking to someone
+else who has the root password ) would have avoid any issues due to
+upgrade. I am pretty sure that both of us would have also updated the
+computer. 
+
+The risk is the lack of QA, and I have been repeating this since a long
+time. If people cannot trust updates, they will use them, and they face
+issues and security problems, and that will tarnish our reputation,
+among others.
+-- 
+Michael Scherer
+
+
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006426.html b/zarb-ml/mageia-discuss/20120208/006426.html new file mode 100644 index 000000000..00947624d --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006426.html @@ -0,0 +1,104 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Claire Robinson + eeeemail at gmail.com +
+ Wed Feb 8 13:47:41 CET 2012 +

+
+ +
On 08/02/12 12:35, Michael Scherer wrote:
+> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> écrit :
+>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
+>> Robinson who wrote:
+>>>> I ended up installing Mageia 1 on his box, but I wonder why does the
+>>>> distribution allow the user to potentially hose his system, when it
+>>>> requires the root password to install a prog ?
+>>>> Would it not make more sense to ask for the root password for the updates?
+>>
+>>> It is configurable in MCC. You can find it under Security =>  Configure
+>>> authentication for Mageia Tools.
+>>> Just select root for Update.
+>>
+>> Brilliant, thanks.
+>>
+>> But would it not make more sense to have the default changed to root ?
+>
+> That totally miss the point, which is that a upgrade hosed the system.
+> Would requiring the root password have changed that ? I doubt.
+>
+> However, if the user cannot do upgrade without asking to someone else
+> ( because that's the whole point of having 2 different passwords, else,
+> that's just a nuisance that will confuse most people ), then he will
+> likely miss security and bugfixes updates, and that's problematic.
+>
+> And I truly doubt that having a separate person ( ie, asking to someone
+> else who has the root password ) would have avoid any issues due to
+> upgrade. I am pretty sure that both of us would have also updated the
+> computer.
+>
+> The risk is the lack of QA, and I have been repeating this since a long
+> time. If people cannot trust updates, they will use them, and they face
+> issues and security problems, and that will tarnish our reputation,
+> among others.
+
+
+I don't think QA is an issue regarding updates to 1. Do you really feel 
+that way or were you meaning in a more general way?
+
+Ensuring an upgrade path from Mandriva 2010.2 is really something we (QA 
+team) would expect maintainers to maintain.
+
+
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006427.html b/zarb-ml/mageia-discuss/20120208/006427.html new file mode 100644 index 000000000..3adc3a1ff --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006427.html @@ -0,0 +1,95 @@ + + + + [Mageia-discuss] First Mageia Artwork contest + + + + + + + + + +

[Mageia-discuss] First Mageia Artwork contest

+ Anne nicolas + ennael at mageia.org +
+ Wed Feb 8 13:49:12 CET 2012 +

+
+ +
Hi there
+
+As planned on last atwork meeting, Mageia artwork contest has been
+launched this morning.
+
+All details here: http://blog.mageia.org/en/2012/02/08/mageia-2-artwork-contest/
+
+May the best man win!
+
+-- 
+Anne
+http://www.mageia.org
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006428.html b/zarb-ml/mageia-discuss/20120208/006428.html new file mode 100644 index 000000000..a5bd2ff39 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006428.html @@ -0,0 +1,101 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Florian Hubold + doktor5000 at arcor.de +
+ Wed Feb 8 13:50:46 CET 2012 +

+
+ +
Am 08.02.2012 13:35, schrieb Michael Scherer:
+> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> écrit :
+>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire 
+>> Robinson who wrote:
+>>>> I ended up installing Mageia 1 on his box, but I wonder why does the
+>>>> distribution allow the user to potentially hose his system, when it
+>>>> requires the root password to install a prog ?
+>>>> Would it not make more sense to ask for the root password for the updates?
+>>> It is configurable in MCC. You can find it under Security => Configure 
+>>> authentication for Mageia Tools.
+>>> Just select root for Update.
+>> Brilliant, thanks.
+>>
+>> But would it not make more sense to have the default changed to root ?
+> That totally miss the point, which is that a upgrade hosed the system.
+> Would requiring the root password have changed that ? I doubt. 
+>
+> However, if the user cannot do upgrade without asking to someone else
+> ( because that's the whole point of having 2 different passwords, else,
+> that's just a nuisance that will confuse most people ), then he will
+> likely miss security and bugfixes updates, and that's problematic. 
+>
+> And I truly doubt that having a separate person ( ie, asking to someone
+> else who has the root password ) would have avoid any issues due to
+> upgrade. I am pretty sure that both of us would have also updated the
+> computer. 
+>
+> The risk is the lack of QA, and I have been repeating this since a long
+> time. If people cannot trust updates, they will use them, and they face
+> issues and security problems, and that will tarnish our reputation,
+> among others.
+Well, you also miss the point if the cause for this breakage (maybe some packages
+that are currently missing/only available in an older version compared to Mandriva)
+is not reported, we can't really fix it, no?
+
+So just telling: "An upgrade from Mandriva broke my machine" will do no good at
+all,
+IMHO.
+
+ + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006429.html b/zarb-ml/mageia-discuss/20120208/006429.html new file mode 100644 index 000000000..2851dbf7b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006429.html @@ -0,0 +1,79 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Wolfgang Bornath + molch.b at googlemail.com +
+ Wed Feb 8 13:51:27 CET 2012 +

+
+ +
2012/2/8 Sander Lepik <sander.lepik at eesti.ee>:
+> 08.02.2012 13:47, Renaud (Ron) Olgiati kirjutas:
+>
+>> Brilliant, thanks.
+>>
+>> But would it not make more sense to have the default changed to root ?
+>
+> Updates shouldn't break system and so i think they should be enabled for
+> normal users. Upgrades is something else and should be disabled for normal
+> users. You can report bug about this problem.
+
+Last November I setup my normal Mageia system to auto-boot into xguest
+so visitors at the Mageia stand at an exhibition can try out Mageia. I
+was surpised and shocked when I watched the update icon light up and
+the visitor could perform this update as xguest! This IS a risk no
+matter whether an update breaks a system or not. After I saw this the
+first thing I did was su into root and change the permission setting
+for updates.
+
+This is one thing where security was broken for ease of use.
+
+-- 
+wobo
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006430.html b/zarb-ml/mageia-discuss/20120208/006430.html new file mode 100644 index 000000000..0dc40e004 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006430.html @@ -0,0 +1,96 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Wolfgang Bornath + molch.b at googlemail.com +
+ Wed Feb 8 14:02:32 CET 2012 +

+
+ +
2012/2/8 Michael Scherer <misc at zarb.org>:
+> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> écrit :
+>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
+>> Robinson who wrote:
+>> > > I ended up installing Mageia 1 on his box, but I wonder why does the
+>> > > distribution allow the user to potentially hose his system, when it
+>> > > requires the root password to install a prog ?
+>> > > Would it not make more sense to ask for the root password for the updates?
+>>
+>> > It is configurable in MCC. You can find it under Security => Configure
+>> > authentication for Mageia Tools.
+>> > Just select root for Update.
+>>
+>> Brilliant, thanks.
+>>
+>> But would it not make more sense to have the default changed to root ?
+>
+> That totally miss the point, which is that a upgrade hosed the system.
+> Would requiring the root password have changed that ? I doubt.
+
+No. What you are pointing at (the breakage of the system) is a matter
+to be looked at.
+
+But the point you are missing is the security breakage.  If a user
+does not have the root password then there is a reason for that and he
+is probably working in an environment where only dedicated people have
+the permission to do system management and it is their task to do
+updates. A private user who is on his own usually has the root
+password. So your point of missing security updates because of 2
+passwords is not valid.
+
+-- 
+wobo
+
+ + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006431.html b/zarb-ml/mageia-discuss/20120208/006431.html new file mode 100644 index 000000000..c05339e84 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006431.html @@ -0,0 +1,95 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 15:16:02 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 09:35 my mailbox was graced by a message from Michael 
+Scherer who wrote:
+
+> And I truly doubt that having a separate person ( ie, asking to someone
+> else who has the root password ) would have avoid any issues due to
+> upgrade. I am pretty sure that both of us would have also updated the
+> computer. 
+
+It would have avoided the issue of the computer going down when I was not 
+available for support.
+
+I would have done the update, hosed the system, and been on the spot to re-
+install immediately, leaving him with a functional system instead of his being 
+without computer until I returned.. 
+ 
+Cheers,
+ 
+Ron.
+-- 
+                         Homines dum docent discunt.
+                                           -- Seneca
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006432.html b/zarb-ml/mageia-discuss/20120208/006432.html new file mode 100644 index 000000000..331c04dc6 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006432.html @@ -0,0 +1,121 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Michael Scherer + misc at zarb.org +
+ Wed Feb 8 15:27:28 CET 2012 +

+
+ +
Le mercredi 08 février 2012 à 14:02 +0100, Wolfgang Bornath a écrit :
+> 2012/2/8 Michael Scherer <misc at zarb.org>:
+> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> > écrit :
+> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
+> >> Robinson who wrote:
+> >> > > I ended up installing Mageia 1 on his box, but I wonder why does the
+> >> > > distribution allow the user to potentially hose his system, when it
+> >> > > requires the root password to install a prog ?
+> >> > > Would it not make more sense to ask for the root password for the updates?
+> >>
+> >> > It is configurable in MCC. You can find it under Security => Configure
+> >> > authentication for Mageia Tools.
+> >> > Just select root for Update.
+> >>
+> >> Brilliant, thanks.
+> >>
+> >> But would it not make more sense to have the default changed to root ?
+> >
+> > That totally miss the point, which is that a upgrade hosed the system.
+> > Would requiring the root password have changed that ? I doubt.
+> 
+> No. What you are pointing at (the breakage of the system) is a matter
+> to be looked at.
+
+In fact, the breakage is not our call, since this is on Mandriva.
+
+Read again : "I just had a call for help from a friend who used the
+Sytem Update applet to update his Mandriva 2010.2 install and ended up
+with an un-usable machine, KDE 
+crashing when opening a session."
+
+So basically, a mandriva update applied on a mandriva system did go
+wrong, without explaining why or what caused issues ( could have been
+various stuff, from bad packages or updates breakage, and given the lack
+of evidence and information, we cannot conclude much, except this is not
+our problem at all since this is on Mandriva ).
+
+> But the point you are missing is the security breakage.  If a user
+> does not have the root password then there is a reason for that and he
+> is probably working in an environment where only dedicated people have
+> the permission to do system management and it is their task to do
+> updates. 
+
+Then in such environment, the sysadmin will set it so only him can do
+update. If there is a admin, we should assume that he know what to do,
+and restrict it accordingly, using the tools as explained by Claire.
+
+> A private user who is on his own usually has the root
+> password. So your point of missing security updates because of 2
+> passwords is not valid.
+
+What part of "having to keep 2 password is more complex than having one"
+is wrong ? I have seen lots of people even asking to remove all
+passwords since they do not care, so having 2 just worst.
+
+
+-- 
+Michael Scherer
+
+
+ + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006433.html b/zarb-ml/mageia-discuss/20120208/006433.html new file mode 100644 index 000000000..74c5130a4 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006433.html @@ -0,0 +1,97 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Alejandro López + listas.apl at gmail.com +
+ Wed Feb 8 15:30:21 CET 2012 +

+
+ +
On Wed, Feb 8, 2012 at 3:16 PM, Renaud (Ron) Olgiati <
+renaud at olgiati-in-paraguay.org> wrote:
+
+> On Wednesday 08 Feb 2012 09:35 my mailbox was graced by a message from
+> Michael
+> Scherer who wrote:
+>
+> > And I truly doubt that having a separate person ( ie, asking to someone
+> > else who has the root password ) would have avoid any issues due to
+> > upgrade. I am pretty sure that both of us would have also updated the
+> > computer.
+>
+> It would have avoided the issue of the computer going down when I was not
+> available for support.
+>
+> I would have done the update, hosed the system, and been on the spot to re-
+> install immediately, leaving him with a functional system instead of his
+> being
+> without computer until I returned..
+>
+> I guess that Mageia's default configuration was conceived for people
+managing themselves their systems. If there is a different person
+administering the system, then it's this person's responsibility to change
+the default behavior to prevent a normal user from updating the system.
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-discuss/attachments/20120208/ead267fd/attachment.html>
+
+ + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006434.html b/zarb-ml/mageia-discuss/20120208/006434.html new file mode 100644 index 000000000..a1d3934e9 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006434.html @@ -0,0 +1,81 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Michael Scherer + misc at zarb.org +
+ Wed Feb 8 15:31:56 CET 2012 +

+
+ +
Le mercredi 08 février 2012 à 12:47 +0000, Claire Robinson a écrit :
+> On 08/02/12 12:35, Michael Scherer wrote:
+
+> I don't think QA is an issue regarding updates to 1. Do you really feel 
+> that way or were you meaning in a more general way?
+
+The upgrade problem was on mandriva 2010.2, why relate this to mageia
+1 ?
+
+And yes, i speak on a general note, the problem with letting people do
+updates is when updates are bad and faulty, and that's something that
+would have been caused either by lack of QA ( from distributor side ),
+or by a user doing what we said to not do, like mixing packages, etc
+( for example, using MIB backports )
+
+> Ensuring an upgrade path from Mandriva 2010.2 is really something we (QA 
+> team) would expect maintainers to maintain.
+
+Sure, can you tell where it was broken ?
+
+-- 
+Michael Scherer
+
+
+ + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006435.html b/zarb-ml/mageia-discuss/20120208/006435.html new file mode 100644 index 000000000..16f74d3b3 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006435.html @@ -0,0 +1,73 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Johnny A. Solbu + cooker at solbu.net +
+ Wed Feb 8 15:36:26 CET 2012 +

+
+ +
On Wednesday 08 February 2012 15:31, Michael Scherer wrote:
+> The upgrade problem was on mandriva 2010.2, why relate this to mageia
+> 1 ?
+
+Possibly because mga1 is a rebranded 2010.2 with some MGA specific changes, and likely will have the same problems?
+
+-- 
+Johnny A. Solbu
+PGP key ID: 0xFA687324
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: not available
+Type: application/pgp-signature
+Size: 189 bytes
+Desc: This is a digitally signed message part.
+URL: </pipermail/mageia-discuss/attachments/20120208/3c3d3550/attachment-0001.asc>
+
+ + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006436.html b/zarb-ml/mageia-discuss/20120208/006436.html new file mode 100644 index 000000000..833c14d1f --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006436.html @@ -0,0 +1,101 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ nicolas vigier + boklm at mars-attacks.org +
+ Wed Feb 8 15:57:59 CET 2012 +

+
+ +
On Wed, 08 Feb 2012, Michael Scherer wrote:
+
+> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> écrit :
+> > On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire 
+> > Robinson who wrote:
+> > > > I ended up installing Mageia 1 on his box, but I wonder why does the
+> > > > distribution allow the user to potentially hose his system, when it
+> > > > requires the root password to install a prog ?
+> > > > Would it not make more sense to ask for the root password for the updates?
+> > 
+> > > It is configurable in MCC. You can find it under Security => Configure 
+> > > authentication for Mageia Tools.
+> > > Just select root for Update.
+> > 
+> > Brilliant, thanks.
+> > 
+> > But would it not make more sense to have the default changed to root ?
+> 
+> That totally miss the point, which is that a upgrade hosed the system.
+> Would requiring the root password have changed that ? I doubt. 
+> 
+> However, if the user cannot do upgrade without asking to someone else
+> ( because that's the whole point of having 2 different passwords, else,
+> that's just a nuisance that will confuse most people ), then he will
+> likely miss security and bugfixes updates, and that's problematic. 
+
+It's not clear if we are talking about installing updates only, or
+upgrading to a new version of the distribution. Installing updates is
+supposed to be safe and can be allowed by default with user password.
+But upgrading to a new distribution is more dangerous and should
+probably only be allowed with root password.
+
+
+ + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006437.html b/zarb-ml/mageia-discuss/20120208/006437.html new file mode 100644 index 000000000..a93f293c9 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006437.html @@ -0,0 +1,107 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Claire Robinson + eeeemail at gmail.com +
+ Wed Feb 8 16:11:51 CET 2012 +

+
+ +
On 08/02/12 14:57, nicolas vigier wrote:
+> On Wed, 08 Feb 2012, Michael Scherer wrote:
+>
+>> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+>> écrit :
+>>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
+>>> Robinson who wrote:
+>>>>> I ended up installing Mageia 1 on his box, but I wonder why does the
+>>>>> distribution allow the user to potentially hose his system, when it
+>>>>> requires the root password to install a prog ?
+>>>>> Would it not make more sense to ask for the root password for the updates?
+>>>
+>>>> It is configurable in MCC. You can find it under Security =>  Configure
+>>>> authentication for Mageia Tools.
+>>>> Just select root for Update.
+>>>
+>>> Brilliant, thanks.
+>>>
+>>> But would it not make more sense to have the default changed to root ?
+>>
+>> That totally miss the point, which is that a upgrade hosed the system.
+>> Would requiring the root password have changed that ? I doubt.
+>>
+>> However, if the user cannot do upgrade without asking to someone else
+>> ( because that's the whole point of having 2 different passwords, else,
+>> that's just a nuisance that will confuse most people ), then he will
+>> likely miss security and bugfixes updates, and that's problematic.
+>
+> It's not clear if we are talking about installing updates only, or
+> upgrading to a new version of the distribution. Installing updates is
+> supposed to be safe and can be allowed by default with user password.
+> But upgrading to a new distribution is more dangerous and should
+> probably only be allowed with root password.
+>
+
+It should probably be some comfort that we do actually have a root account.
+If this were Ubuntu then it would require a bit more effort to lock down 
+than a choice in MCC :)
+
+ + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006438.html b/zarb-ml/mageia-discuss/20120208/006438.html new file mode 100644 index 000000000..fd2e9839d --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006438.html @@ -0,0 +1,119 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Wolfgang Bornath + molch.b at googlemail.com +
+ Wed Feb 8 16:13:57 CET 2012 +

+
+ +
2012/2/8 Michael Scherer <misc at zarb.org>:
+> Le mercredi 08 février 2012 à 14:02 +0100, Wolfgang Bornath a écrit :
+>> 2012/2/8 Michael Scherer <misc at zarb.org>:
+>> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+>> > écrit :
+>> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
+>> >> Robinson who wrote:
+>> >> > > I ended up installing Mageia 1 on his box, but I wonder why does the
+>> >> > > distribution allow the user to potentially hose his system, when it
+>> >> > > requires the root password to install a prog ?
+>> >> > > Would it not make more sense to ask for the root password for the updates?
+>> >>
+>> >> > It is configurable in MCC. You can find it under Security => Configure
+>> >> > authentication for Mageia Tools.
+>> >> > Just select root for Update.
+>> >>
+>> >> Brilliant, thanks.
+>> >>
+>> >> But would it not make more sense to have the default changed to root ?
+>> >
+>> > That totally miss the point, which is that a upgrade hosed the system.
+>> > Would requiring the root password have changed that ? I doubt.
+>>
+>> No. What you are pointing at (the breakage of the system) is a matter
+>> to be looked at.
+>
+> In fact, the breakage is not our call, since this is on Mandriva.
+
+May be, may be not - depends on the reasons why this upgrade went bad.
+Pls remove the blinds.
+
+>> But the point you are missing is the security breakage.  If a user
+>> does not have the root password then there is a reason for that and he
+>> is probably working in an environment where only dedicated people have
+>> the permission to do system management and it is their task to do
+>> updates.
+>
+> Then in such environment, the sysadmin will set it so only him can do
+> update. If there is a admin, we should assume that he know what to do,
+> and restrict it accordingly, using the tools as explained by Claire.
+
+No, it has been different for years and everybody was happy with the
+setup except those who are too lazy using passwords at all.
+
+>> A private user who is on his own usually has the root
+>> password. So your point of missing security updates because of 2
+>> passwords is not valid.
+>
+> What part of "having to keep 2 password is more complex than having one"
+> is wrong ? I have seen lots of people even asking to remove all
+> passwords since they do not care, so having 2 just worst.
+
+Yes, I have seen postings like "why do I have to use passwords" and
+"why can I not log in KDE as root" more than once. Are these people
+our target group? If so than - have fun! What strikes me is that you
+of all people are advocating a loosening of security with no real
+reason.
+
+-- 
+wobo
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006439.html b/zarb-ml/mageia-discuss/20120208/006439.html new file mode 100644 index 000000000..7d5930d10 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006439.html @@ -0,0 +1,95 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 16:26:55 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 11:57 my mailbox was graced by a message from nicolas 
+vigier who wrote:
+> It's not clear if we are talking about installing updates only, or
+> upgrading to a new version of the distribution. 
+
+In my case, which started this thread, it was an update that hosed the system.
+
+> Installing updates is supposed to be safe and can be allowed by default 
+> with user password. 
+
+In this case it caused KDE to crash at start of session.
+
+> But upgrading to a new distribution is more dangerous and should
+> probably only be allowed with root password.
+
+Update was bad enough, and should not be allowed to user either  ;-3)
+ 
+Cheers,
+ 
+Ron.
+-- 
+                  A government which robs Peter to pay Paul
+                  can always depend on the support of Paul.
+                                      --George Bernard Shaw
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006440.html b/zarb-ml/mageia-discuss/20120208/006440.html new file mode 100644 index 000000000..b1c23311b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006440.html @@ -0,0 +1,73 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Anne Wilson + annew at kde.org +
+ Wed Feb 8 16:20:41 CET 2012 +

+
+ +
On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
+> Yes, I have seen postings like "why do I have to use passwords" and
+> "why can I not log in KDE as root" more than once. Are these people
+> our target group? If so than - have fun! What strikes me is that you
+> of all people are advocating a loosening of security with no real
+> reason.
+
+I do not want to have to give the root password to members of my family that 
+are, frankly, clueless on tech-matters.  At the same time, I do want them to 
+apply at least security updates.  Being able to accept updates from a trusted 
+source (direct from Mageia) with only their user password is the safest their 
+systems can have.
+
+Anne
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006441.html b/zarb-ml/mageia-discuss/20120208/006441.html new file mode 100644 index 000000000..64648993c --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006441.html @@ -0,0 +1,83 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 16:35:24 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 12:11 my mailbox was graced by a message from Claire 
+Robinson who wrote:
+> If this were Ubuntu then it would require a bit more effort to lock down 
+> than a choice in MCC :)
+
+Which is why I never switched to Ubuntu; could not get used to the sudo thing, 
+nor let my little dears have root access on their boxes.
+ 
+Cheers,
+ 
+Ron.
+-- 
+                  A government which robs Peter to pay Paul
+                  can always depend on the support of Paul.
+                                      --George Bernard Shaw
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + + + + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006442.html b/zarb-ml/mageia-discuss/20120208/006442.html new file mode 100644 index 000000000..d1727e783 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006442.html @@ -0,0 +1,81 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 16:40:10 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 12:20 my mailbox was graced by a message from Anne 
+Wilson who wrote:
+> I do not want to have to give the root password to members of my family
+> that  are, frankly, clueless on tech-matters.  At the same time, I do want
+> them to apply at least security updates.  Being able to accept updates
+> from a trusted source (direct from Mageia) with only their user password
+> is the safest their systems can have.
+
+So which is the lesser of the two evils: hosing the system with an update, or 
+not applying the update as soon as it becomes available ? 
+ 
+Cheers,
+ 
+Ron.
+-- 
+                  A government which robs Peter to pay Paul
+                  can always depend on the support of Paul.
+                                      --George Bernard Shaw
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006443.html b/zarb-ml/mageia-discuss/20120208/006443.html new file mode 100644 index 000000000..106fc8827 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006443.html @@ -0,0 +1,91 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Wolfgang Bornath + molch.b at googlemail.com +
+ Wed Feb 8 17:01:09 CET 2012 +

+
+ +
2012/2/8 Anne Wilson <annew at kde.org>:
+> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
+>> Yes, I have seen postings like "why do I have to use passwords" and
+>> "why can I not log in KDE as root" more than once. Are these people
+>> our target group? If so than - have fun! What strikes me is that you
+>> of all people are advocating a loosening of security with no real
+>> reason.
+>
+> I do not want to have to give the root password to members of my family that
+> are, frankly, clueless on tech-matters.  At the same time, I do want them to
+> apply at least security updates.  Being able to accept updates from a trusted
+> source (direct from Mageia) with only their user password is the safest their
+> systems can have.
+
+I understand the reasons. But you know as well as everybody else that
+sometimes updates do not work as easy as they should. It could be
+caused by a faulty mirror or by a glitch in a package (which should
+not happen but "should not happen" implies "can happen") or whatever
+other reason. Then your family members will wait for you anyway (in
+the best case) without knowing what happened - while they could have
+been happily working or entertaining themselves until you come and do
+the updates.
+
+Apart from the understandable quest to make it easy on the unwashed
+masses - it is still a security break - see what I have written about
+the ability of xguest to do updates (while xguest was invented to
+leave the system without garbage or damage at the end of his/her
+session).
+
+-- 
+wobo
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006444.html b/zarb-ml/mageia-discuss/20120208/006444.html new file mode 100644 index 000000000..fd56cd18e --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006444.html @@ -0,0 +1,101 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Diego Bello + dbello at gmail.com +
+ Wed Feb 8 17:31:37 CET 2012 +

+
+ +
On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath
+<molch.b at googlemail.com> wrote:
+> 2012/2/8 Anne Wilson <annew at kde.org>:
+>> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
+>>> Yes, I have seen postings like "why do I have to use passwords" and
+>>> "why can I not log in KDE as root" more than once. Are these people
+>>> our target group? If so than - have fun! What strikes me is that you
+>>> of all people are advocating a loosening of security with no real
+>>> reason.
+>>
+>> I do not want to have to give the root password to members of my family that
+>> are, frankly, clueless on tech-matters.  At the same time, I do want them to
+>> apply at least security updates.  Being able to accept updates from a trusted
+>> source (direct from Mageia) with only their user password is the safest their
+>> systems can have.
+>
+> I understand the reasons. But you know as well as everybody else that
+> sometimes updates do not work as easy as they should. It could be
+> caused by a faulty mirror or by a glitch in a package (which should
+> not happen but "should not happen" implies "can happen") or whatever
+> other reason. Then your family members will wait for you anyway (in
+> the best case) without knowing what happened - while they could have
+> been happily working or entertaining themselves until you come and do
+> the updates.
+>
+> Apart from the understandable quest to make it easy on the unwashed
+> masses - it is still a security break - see what I have written about
+> the ability of xguest to do updates (while xguest was invented to
+> leave the system without garbage or damage at the end of his/her
+> session).
+>
+> --
+> wobo
+
+A bad update will break your system no matter if you are root or not.
+I think normal users should be able to install updates unless you say
+so in the MCC, but I agree that the xguest user should not be able to
+do so. That, imho, is a bug and should be solved.
+
+-- 
+Diego Bello Carreño
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006445.html b/zarb-ml/mageia-discuss/20120208/006445.html new file mode 100644 index 000000000..756f3a90a --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006445.html @@ -0,0 +1,104 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Wolfgang Bornath + molch.b at googlemail.com +
+ Wed Feb 8 17:39:52 CET 2012 +

+
+ +
2012/2/8 Diego Bello <dbello at gmail.com>:
+> On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath
+> <molch.b at googlemail.com> wrote:
+>> 2012/2/8 Anne Wilson <annew at kde.org>:
+>>> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
+>>>> Yes, I have seen postings like "why do I have to use passwords" and
+>>>> "why can I not log in KDE as root" more than once. Are these people
+>>>> our target group? If so than - have fun! What strikes me is that you
+>>>> of all people are advocating a loosening of security with no real
+>>>> reason.
+>>>
+>>> I do not want to have to give the root password to members of my family that
+>>> are, frankly, clueless on tech-matters.  At the same time, I do want them to
+>>> apply at least security updates.  Being able to accept updates from a trusted
+>>> source (direct from Mageia) with only their user password is the safest their
+>>> systems can have.
+>>
+>> I understand the reasons. But you know as well as everybody else that
+>> sometimes updates do not work as easy as they should. It could be
+>> caused by a faulty mirror or by a glitch in a package (which should
+>> not happen but "should not happen" implies "can happen") or whatever
+>> other reason. Then your family members will wait for you anyway (in
+>> the best case) without knowing what happened - while they could have
+>> been happily working or entertaining themselves until you come and do
+>> the updates.
+>>
+>> Apart from the understandable quest to make it easy on the unwashed
+>> masses - it is still a security break - see what I have written about
+>> the ability of xguest to do updates (while xguest was invented to
+>> leave the system without garbage or damage at the end of his/her
+>> session).
+>>
+>> --
+>> wobo
+>
+> A bad update will break your system no matter if you are root or not.
+
+That's actually a point in favor of the need for the root password -
+if the system breaks: the user can not do anything at all - instead he
+will have to go for a walk until root comes to fix the problem. So why
+do you insist on letting poor user take that risk by default?
+
+-- 
+wobo
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006446.html b/zarb-ml/mageia-discuss/20120208/006446.html new file mode 100644 index 000000000..a3e6146b9 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006446.html @@ -0,0 +1,119 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Diego Bello + dbello at gmail.com +
+ Wed Feb 8 19:08:55 CET 2012 +

+
+ +
On Wed, Feb 8, 2012 at 11:39 AM, Wolfgang Bornath
+<molch.b at googlemail.com> wrote:
+> 2012/2/8 Diego Bello <dbello at gmail.com>:
+>> On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath
+>> <molch.b at googlemail.com> wrote:
+>>> 2012/2/8 Anne Wilson <annew at kde.org>:
+>>>> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
+>>>>> Yes, I have seen postings like "why do I have to use passwords" and
+>>>>> "why can I not log in KDE as root" more than once. Are these people
+>>>>> our target group? If so than - have fun! What strikes me is that you
+>>>>> of all people are advocating a loosening of security with no real
+>>>>> reason.
+>>>>
+>>>> I do not want to have to give the root password to members of my family that
+>>>> are, frankly, clueless on tech-matters.  At the same time, I do want them to
+>>>> apply at least security updates.  Being able to accept updates from a trusted
+>>>> source (direct from Mageia) with only their user password is the safest their
+>>>> systems can have.
+>>>
+>>> I understand the reasons. But you know as well as everybody else that
+>>> sometimes updates do not work as easy as they should. It could be
+>>> caused by a faulty mirror or by a glitch in a package (which should
+>>> not happen but "should not happen" implies "can happen") or whatever
+>>> other reason. Then your family members will wait for you anyway (in
+>>> the best case) without knowing what happened - while they could have
+>>> been happily working or entertaining themselves until you come and do
+>>> the updates.
+>>>
+>>> Apart from the understandable quest to make it easy on the unwashed
+>>> masses - it is still a security break - see what I have written about
+>>> the ability of xguest to do updates (while xguest was invented to
+>>> leave the system without garbage or damage at the end of his/her
+>>> session).
+>>>
+>>> --
+>>> wobo
+>>
+>> A bad update will break your system no matter if you are root or not.
+>
+> That's actually a point in favor of the need for the root password -
+> if the system breaks: the user can not do anything at all - instead he
+> will have to go for a walk until root comes to fix the problem. So why
+> do you insist on letting poor user take that risk by default?
+>
+> --
+> wobo
+
+Because a simple update should not break the system. They should work
+all the time, just like printers or the Internet connection :p.
+
+Now, seriously talking, I have installed updates with my user all the
+time and never had a problem. This case is an exception and I don't
+thing of it as a bug, except for the feature that it can be done by a
+guest user.
+
+
+
+-- 
+Diego Bello Carreño
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006447.html b/zarb-ml/mageia-discuss/20120208/006447.html new file mode 100644 index 000000000..05ca2c82e --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006447.html @@ -0,0 +1,84 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ nicolas vigier + boklm at mars-attacks.org +
+ Wed Feb 8 19:23:58 CET 2012 +

+
+ +
On Wed, 08 Feb 2012, Renaud (Ron) Olgiati wrote:
+
+> On Wednesday 08 Feb 2012 11:57 my mailbox was graced by a message from nicolas 
+> vigier who wrote:
+> > It's not clear if we are talking about installing updates only, or
+> > upgrading to a new version of the distribution. 
+> 
+> In my case, which started this thread, it was an update that hosed the system.
+> 
+> > Installing updates is supposed to be safe and can be allowed by default 
+> > with user password. 
+> 
+> In this case it caused KDE to crash at start of session.
+> 
+> > But upgrading to a new distribution is more dangerous and should
+> > probably only be allowed with root password.
+> 
+> Update was bad enough, and should not be allowed to user either  ;-3)
+
+The problem is the bad update, not that it was allowed without root
+password. Updates should not hose the system, and that's why there is a
+policy on no new versions in update when possible, and qa tests.
+
+
+ + + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006448.html b/zarb-ml/mageia-discuss/20120208/006448.html new file mode 100644 index 000000000..f063342d6 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006448.html @@ -0,0 +1,106 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Anne Wilson + annew at kde.org +
+ Wed Feb 8 20:23:00 CET 2012 +

+
+ +
-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+On 08/02/12 15:40, Renaud (Ron) Olgiati wrote:
+> On Wednesday 08 Feb 2012 12:20 my mailbox was graced by a message 
+> from Anne Wilson who wrote:
+>> I do not want to have to give the root password to members of my 
+>> family that  are, frankly, clueless on tech-matters.  At the
+>> same time, I do want them to apply at least security updates.
+>> Being able to accept updates from a trusted source (direct from
+>> Mageia) with only their user password is the safest their systems
+>> can have.
+> 
+> So which is the lesser of the two evils: hosing the system with an 
+> update, or not applying the update as soon as it becomes available 
+> ?
+> 
+> Cheers,
+> 
+> Ron.
+
+In fairness, of the 10+ years I've been running Linux, Mandrake once
+killed X on a Friday afternoon, so we had to wait until Monday for the
+fix, and my CentOS system was thoroughly hosed, this time not just X
+or KDE, but deep down in the system to the point where it couldn't
+mount partitions.
+
+I update my system almost daily, so I estimate I've updated 3500 times
+plus a good many more for second boxes/laptops or whatever.  What
+proportion of failure is that? If you ignore my second system updates,
+it says there is a 0.00057142857% chance of my system being hosed.
+Since that's an overstatement (second boxes etc.) :-)  I think I'll
+take that chance.
+
+Anne
+
+- -- 
+Need KDE help? Try
+http://userbase.kde.org or
+http://forum.kde.org
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
+
+iEYEARECAAYFAk8yy44ACgkQj93fyh4cnBeSoQCeM/JSVudO2GkN1uilAnw3f7Ba
+uAMAn0LeySfhCYlxNQ0PfSWexWXO0fqs
+=0YN7
+-----END PGP SIGNATURE-----
+
+ + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006449.html b/zarb-ml/mageia-discuss/20120208/006449.html new file mode 100644 index 000000000..c4909dd5b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006449.html @@ -0,0 +1,89 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Maarten Vanraes + alien at rmail.be +
+ Wed Feb 8 21:56:44 CET 2012 +

+
+ +
Op woensdag 08 februari 2012 15:57:59 schreef nicolas vigier:
+> It's not clear if we are talking about installing updates only, or
+> upgrading to a new version of the distribution. Installing updates is
+> supposed to be safe and can be allowed by default with user password.
+> But upgrading to a new distribution is more dangerous and should
+> probably only be allowed with root password.
+
+i agree...
+
+also people use update and upgrade, but it does not have the same meaning.
+
+the things being talked about above are really beyond the point. the sysadmin 
+in question can set it up for the user however he wants...
+
+EXCEPT, he can't distinguish between updates and upgrades... or even guest 
+users having access to updates and upgrades.
+
+my current proposal is to:
+
+1. have a separate setting between allowing updates and upgrades.
+2. change upgrades to allow root user only
+3. disable guest user to have update possibility.
+
+i think these are sensible defaults... <--- i'm talking about defaults here, 
+people can still set it up whatever they want.
+
+and this option allows everyone to be somewhat happy.
+
+does someone disagree? if so, why?
+
+ + + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006450.html b/zarb-ml/mageia-discuss/20120208/006450.html new file mode 100644 index 000000000..fa2013316 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006450.html @@ -0,0 +1,100 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Diego Bello + dbello at gmail.com +
+ Wed Feb 8 22:15:46 CET 2012 +

+
+ +
On Wed, Feb 8, 2012 at 3:56 PM, Maarten Vanraes <alien at rmail.be> wrote:
+> Op woensdag 08 februari 2012 15:57:59 schreef nicolas vigier:
+>> It's not clear if we are talking about installing updates only, or
+>> upgrading to a new version of the distribution. Installing updates is
+>> supposed to be safe and can be allowed by default with user password.
+>> But upgrading to a new distribution is more dangerous and should
+>> probably only be allowed with root password.
+>
+> i agree...
+>
+> also people use update and upgrade, but it does not have the same meaning.
+>
+> the things being talked about above are really beyond the point. the sysadmin
+> in question can set it up for the user however he wants...
+>
+> EXCEPT, he can't distinguish between updates and upgrades... or even guest
+> users having access to updates and upgrades.
+>
+> my current proposal is to:
+>
+> 1. have a separate setting between allowing updates and upgrades.
+> 2. change upgrades to allow root user only
+
+
+AFAIK, Mandriva/Mageia do require root password to upgrade the system,
+or am I wrong?
+
+
+> 3. disable guest user to have update possibility.
+>
+> i think these are sensible defaults... <--- i'm talking about defaults here,
+> people can still set it up whatever they want.
+>
+> and this option allows everyone to be somewhat happy.
+>
+> does someone disagree? if so, why?
+
+
+
+-- 
+Diego Bello Carreño
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006451.html b/zarb-ml/mageia-discuss/20120208/006451.html new file mode 100644 index 000000000..3271fb305 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006451.html @@ -0,0 +1,95 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ andre999 + andre999mga at laposte.net +
+ Wed Feb 8 23:11:58 CET 2012 +

+
+ +
Wolfgang Bornath a écrit :
+> 2012/2/8 Sander Lepik<sander.lepik at eesti.ee>:
+>    
+>> 08.02.2012 13:47, Renaud (Ron) Olgiati kirjutas:
+>>
+>>      
+>>> Brilliant, thanks.
+>>>
+>>> But would it not make more sense to have the default changed to root ?
+>>>        
+>> Updates shouldn't break system and so i think they should be enabled for
+>> normal users. Upgrades is something else and should be disabled for normal
+>> users. You can report bug about this problem.
+>>      
+> Last November I setup my normal Mageia system to auto-boot into xguest
+> so visitors at the Mageia stand at an exhibition can try out Mageia. I
+> was surpised and shocked when I watched the update icon light up and
+> the visitor could perform this update as xguest! This IS a risk no
+> matter whether an update breaks a system or not. After I saw this the
+> first thing I did was su into root and change the permission setting
+> for updates.
+>
+> This is one thing where security was broken for ease of use.
+>
+>    
+I would say that a good way to solve that is to not permit updates from 
+an account that doesn't require a password, such as is the case (usually 
+if not always) with xguest.
+
+So defaults being
+1) release upgrades requiring root password.
+2) package updates requiring user password.
+3) if current account requires not password, no update.
+
+Wouldn't that satisfy security concerns ?
+
+-- 
+André
+
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006452.html b/zarb-ml/mageia-discuss/20120208/006452.html new file mode 100644 index 000000000..25c918bd8 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006452.html @@ -0,0 +1,74 @@ + + + + [Mageia-discuss] GDM not upgrading + + + + + + + + + +

[Mageia-discuss] GDM not upgrading

+ Michael Hill + mdhillca at gmail.com +
+ Wed Feb 8 23:38:42 CET 2012 +

+
+ +
Just running urpmi --auto-update and the GDM package doesn't want to
+satisfy this dependency:
+
+In order to satisfy the 'lxdm|lxdm|gdm|slim|kdm|slim|kdm' dependency,
+one of the following packages is needed:
+ 1- kdm-4.8.0-1.mga2.x86_64: KDE Desktop Login Manager (to install)
+ 2- slim-1.3.2-3.mga2.x86_64: Simple login manager (to install)
+ 3- lxdm-0.4.1-5.mga2.x86_64: GUI login manager for LXDE (to install)
+What is your choice? (1-3)
+
+Is this a temporary condition and I should try again later?
+
+Thanks,
+
+Mike
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006453.html b/zarb-ml/mageia-discuss/20120208/006453.html new file mode 100644 index 000000000..1315d8640 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006453.html @@ -0,0 +1,69 @@ + + + + [Mageia-discuss] GDM not upgrading + + + + + + + + + +

[Mageia-discuss] GDM not upgrading

+ Olav Vitters + olav at vitters.nl +
+ Wed Feb 8 23:45:50 CET 2012 +

+
+ +
On Wed, Feb 08, 2012 at 05:38:42PM -0500, Michael Hill wrote:
+> Is this a temporary condition and I should try again later?
+
+Yes.
+
+Upgrade for now with --keep until you have the latest updates.
+
+-- 
+Regards,
+Olav
+
+ + + + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006454.html b/zarb-ml/mageia-discuss/20120208/006454.html new file mode 100644 index 000000000..e69e9e128 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006454.html @@ -0,0 +1,78 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Renaud (Ron) Olgiati + renaud at olgiati-in-paraguay.org +
+ Wed Feb 8 23:46:46 CET 2012 +

+
+ +
On Wednesday 08 Feb 2012 19:11 my mailbox was graced by a message from 
+andre999 who wrote:
+> So defaults being
+> 1) release upgrades requiring root password.
+> 2) package updates requiring user password.
+> 3) if current account requires not password, no update.
+> Wouldn't that satisfy security concerns ?
+
+No, it still leaves the user launching an update, hosing his system and being 
+left with a dead system.
+
+I feel (strongly) that updates, like upgrades, should only be done by someone 
+who can reinstall the system in case of problem ==> root.
+ 
+Cheers,
+ 
+Ron.
+-- 
+                        La culture, c'est ce qui reste
+                      quand on a oublié tout le reste.
+                                    
+                   -- http://www.olgiati-in-paraguay.org --
+
+
+ + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/006455.html b/zarb-ml/mageia-discuss/20120208/006455.html new file mode 100644 index 000000000..ce371d5e0 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/006455.html @@ -0,0 +1,66 @@ + + + + [Mageia-discuss] GDM not upgrading + + + + + + + + + +

[Mageia-discuss] GDM not upgrading

+ Michael Hill + mdhillca at gmail.com +
+ Wed Feb 8 23:49:00 CET 2012 +

+
+ +
On Wed, Feb 8, 2012 at 5:45 PM, Olav Vitters <olav at vitters.nl> wrote:
+> On Wed, Feb 08, 2012 at 05:38:42PM -0500, Michael Hill wrote:
+>> Is this a temporary condition and I should try again later?
+>
+> Yes.
+>
+> Upgrade for now with --keep until you have the latest updates.
+
+Thanks,
+
+Mike
+
+ + + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/007766.html b/zarb-ml/mageia-discuss/20120208/007766.html new file mode 100644 index 000000000..187de6d3c --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/007766.html @@ -0,0 +1,117 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Anne Wilson + cannewilson at googlemail.com +
+ Wed Feb 8 14:51:27 CET 2012 +

+
+ +
On Wednesday 08 February 2012 12:50:46 Anne Wilson wrote:
+> Am 08.02.2012 13:35, schrieb Michael Scherer:
+> > Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
+> > 
+> > écrit :
+> >> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from
+> >> Claire
+> >> 
+> >> Robinson who wrote:
+> >>>> I ended up installing Mageia 1 on his box, but I wonder why does the
+> >>>> distribution allow the user to potentially hose his system, when it
+> >>>> requires the root password to install a prog ?
+> >>>> Would it not make more sense to ask for the root password for the
+> >>>> updates?
+> >>> 
+> >>> It is configurable in MCC. You can find it under Security => Configure
+> >>> authentication for Mageia Tools.
+> >>> Just select root for Update.
+> >> 
+> >> Brilliant, thanks.
+> >> 
+> >> But would it not make more sense to have the default changed to root ?
+> > 
+> > That totally miss the point, which is that a upgrade hosed the system.
+> > Would requiring the root password have changed that ? I doubt.
+> > 
+> > However, if the user cannot do upgrade without asking to someone else
+> > ( because that's the whole point of having 2 different passwords, else,
+> > that's just a nuisance that will confuse most people ), then he will
+> > likely miss security and bugfixes updates, and that's problematic.
+> > 
+> > And I truly doubt that having a separate person ( ie, asking to someone
+> > else who has the root password ) would have avoid any issues due to
+> > upgrade. I am pretty sure that both of us would have also updated the
+> > computer.
+> > 
+> > The risk is the lack of QA, and I have been repeating this since a long
+> > time. If people cannot trust updates, they will use them, and they face
+> > issues and security problems, and that will tarnish our reputation,
+> > among others.
+> 
+> Well, you also miss the point if the cause for this breakage (maybe some
+> packages that are currently missing/only available in an older version
+> compared to Mandriva) is not reported, we can't really fix it, no?
+> 
+> So just telling: "An upgrade from Mandriva broke my machine" will do no
+> good at all,
+> IMHO.
+
+Having just lost a week when an update broke my CentOS box, I should point out 
+that I have no idea what caused the breakage - and when the system is unusable 
+there are no logs either.  I understand your concern, but it may not be 
+possible for the user to give you that information.
+
+I agree with Michael Scherer that the security setting is not the issue.  Not 
+only would an admin guy, if one exists, have done the update, but also the 
+user cannot keep his machine secure without help.  I have some very non-techy 
+users in my family and expect them to accept updates whenever they are offered.  
+They are told to contact me if they see any messages they don't understand, 
+but otherwise, carry on, and it works well.
+
+Anne
+
+ + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/007767.html b/zarb-ml/mageia-discuss/20120208/007767.html new file mode 100644 index 000000000..237f10632 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/007767.html @@ -0,0 +1,66 @@ + + + + [Mageia-discuss] A possible risk ? + + + + + + + + + +

[Mageia-discuss] A possible risk ?

+ Anne Wilson + cannewilson at googlemail.com +
+ Wed Feb 8 20:29:39 CET 2012 +

+
+ +
On Wednesday 08 February 2012 16:01:09 Anne Wilson wrote:
+>  Then your family members will wait for you anyway (in
+> the best case) without knowing what happened - while they could have
+> been happily working or entertaining themselves until you come and do
+> the updates.
+
+Actually, no.  Experience tells me that they will do what very many Windows 
+users do - nothing.  I've seen systems that haven't seen an update in years.  
+I don't want my family running such a system.
+
+Anne
+
+ + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ diff --git a/zarb-ml/mageia-discuss/20120208/author.html b/zarb-ml/mageia-discuss/20120208/author.html new file mode 100644 index 000000000..ab3e3ed4b --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/author.html @@ -0,0 +1,262 @@ + + + + The Mageia-discuss 8 February 2012 Archive by author + + + + + +

8 February 2012 Archives by author

+ +

Starting: Wed Feb 8 07:15:49 CET 2012
+ Ending: Wed Feb 8 23:49:00 CET 2012
+ Messages: 43

+

+

+ Last message date: + Wed Feb 8 23:49:00 CET 2012
+ Archived on: Mon Jun 11 17:00:07 CEST 2012 +

+

+

+

+ This archive was generated by + Pipermail 0.09 (Mailman edition). + + + diff --git a/zarb-ml/mageia-discuss/20120208/date.html b/zarb-ml/mageia-discuss/20120208/date.html new file mode 100644 index 000000000..6ce6ce73f --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/date.html @@ -0,0 +1,262 @@ + + + + The Mageia-discuss 8 February 2012 Archive by date + + + + + +

8 February 2012 Archives by date

+ +

Starting: Wed Feb 8 07:15:49 CET 2012
+ Ending: Wed Feb 8 23:49:00 CET 2012
+ Messages: 43

+

+

+ Last message date: + Wed Feb 8 23:49:00 CET 2012
+ Archived on: Mon Jun 11 17:00:07 CEST 2012 +

+

+

+

+ This archive was generated by + Pipermail 0.09 (Mailman edition). + + + diff --git a/zarb-ml/mageia-discuss/20120208/index.html b/zarb-ml/mageia-discuss/20120208/index.html new file mode 120000 index 000000000..db4b46f72 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/index.html @@ -0,0 +1 @@ +thread.html \ No newline at end of file diff --git a/zarb-ml/mageia-discuss/20120208/subject.html b/zarb-ml/mageia-discuss/20120208/subject.html new file mode 100644 index 000000000..489c75d58 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/subject.html @@ -0,0 +1,262 @@ + + + + The Mageia-discuss 8 February 2012 Archive by subject + + + + + +

8 February 2012 Archives by subject

+ +

Starting: Wed Feb 8 07:15:49 CET 2012
+ Ending: Wed Feb 8 23:49:00 CET 2012
+ Messages: 43

+

+

+ Last message date: + Wed Feb 8 23:49:00 CET 2012
+ Archived on: Mon Jun 11 17:00:07 CEST 2012 +

+

+

+

+ This archive was generated by + Pipermail 0.09 (Mailman edition). + + + diff --git a/zarb-ml/mageia-discuss/20120208/thread.html b/zarb-ml/mageia-discuss/20120208/thread.html new file mode 100644 index 000000000..5f2ae2d23 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120208/thread.html @@ -0,0 +1,321 @@ + + + + The Mageia-discuss 8 February 2012 Archive by thread + + + + + +

8 February 2012 Archives by thread

+ +

Starting: Wed Feb 8 07:15:49 CET 2012
+ Ending: Wed Feb 8 23:49:00 CET 2012
+ Messages: 43

+

+

+ Last message date: + Wed Feb 8 23:49:00 CET 2012
+ Archived on: Mon Jun 11 17:00:07 CEST 2012 +

+

+

+

+ This archive was generated by + Pipermail 0.09 (Mailman edition). + + + -- cgit v1.2.1