1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-discuss] A possible risk ?
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3CCAJyy6UTzVGkkJU-74o_fogfKTRPEsUsvgM24h-Wen5JO_DfoeA%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="006445.html">
<LINK REL="Next" HREF="007767.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-discuss] A possible risk ?</H1>
<B>Diego Bello</B>
<A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20A%20possible%20risk%20%3F&In-Reply-To=%3CCAJyy6UTzVGkkJU-74o_fogfKTRPEsUsvgM24h-Wen5JO_DfoeA%40mail.gmail.com%3E"
TITLE="[Mageia-discuss] A possible risk ?">dbello at gmail.com
</A><BR>
<I>Wed Feb 8 19:08:55 CET 2012</I>
<P><UL>
<LI>Previous message: <A HREF="006445.html">[Mageia-discuss] A possible risk ?
</A></li>
<LI>Next message: <A HREF="007767.html">[Mageia-discuss] A possible risk ?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#6446">[ date ]</a>
<a href="thread.html#6446">[ thread ]</a>
<a href="subject.html#6446">[ subject ]</a>
<a href="author.html#6446">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Wed, Feb 8, 2012 at 11:39 AM, Wolfgang Bornath
<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">molch.b at googlemail.com</A>> wrote:
><i> 2012/2/8 Diego Bello <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">dbello at gmail.com</A>>:
</I>>><i> On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath
</I>>><i> <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">molch.b at googlemail.com</A>> wrote:
</I>>>><i> 2012/2/8 Anne Wilson <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">annew at kde.org</A>>:
</I>>>>><i> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
</I>>>>>><i> Yes, I have seen postings like "why do I have to use passwords" and
</I>>>>>><i> "why can I not log in KDE as root" more than once. Are these people
</I>>>>>><i> our target group? If so than - have fun! What strikes me is that you
</I>>>>>><i> of all people are advocating a loosening of security with no real
</I>>>>>><i> reason.
</I>>>>><i>
</I>>>>><i> I do not want to have to give the root password to members of my family that
</I>>>>><i> are, frankly, clueless on tech-matters.  At the same time, I do want them to
</I>>>>><i> apply at least security updates.  Being able to accept updates from a trusted
</I>>>>><i> source (direct from Mageia) with only their user password is the safest their
</I>>>>><i> systems can have.
</I>>>><i>
</I>>>><i> I understand the reasons. But you know as well as everybody else that
</I>>>><i> sometimes updates do not work as easy as they should. It could be
</I>>>><i> caused by a faulty mirror or by a glitch in a package (which should
</I>>>><i> not happen but "should not happen" implies "can happen") or whatever
</I>>>><i> other reason. Then your family members will wait for you anyway (in
</I>>>><i> the best case) without knowing what happened - while they could have
</I>>>><i> been happily working or entertaining themselves until you come and do
</I>>>><i> the updates.
</I>>>><i>
</I>>>><i> Apart from the understandable quest to make it easy on the unwashed
</I>>>><i> masses - it is still a security break - see what I have written about
</I>>>><i> the ability of xguest to do updates (while xguest was invented to
</I>>>><i> leave the system without garbage or damage at the end of his/her
</I>>>><i> session).
</I>>>><i>
</I>>>><i> --
</I>>>><i> wobo
</I>>><i>
</I>>><i> A bad update will break your system no matter if you are root or not.
</I>><i>
</I>><i> That's actually a point in favor of the need for the root password -
</I>><i> if the system breaks: the user can not do anything at all - instead he
</I>><i> will have to go for a walk until root comes to fix the problem. So why
</I>><i> do you insist on letting poor user take that risk by default?
</I>><i>
</I>><i> --
</I>><i> wobo
</I>
Because a simple update should not break the system. They should work
all the time, just like printers or the Internet connection :p.
Now, seriously talking, I have installed updates with my user all the
time and never had a problem. This case is an exception and I don't
thing of it as a bug, except for the feature that it can be done by a
guest user.
--
Diego Bello Carreño
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="006445.html">[Mageia-discuss] A possible risk ?
</A></li>
<LI>Next message: <A HREF="007767.html">[Mageia-discuss] A possible risk ?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#6446">[ date ]</a>
<a href="thread.html#6446">[ thread ]</a>
<a href="subject.html#6446">[ subject ]</a>
<a href="author.html#6446">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss
mailing list</a><br>
</body></html>
|
