Re: fedora-list Digest, Vol 59, Issue 209

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Subject: Re: Package Manager Denies Permission to Install
To: "Community assistance, encouragement,	and advice for using
	Fedora." <fedora-list@xxxxxxxxxx>
Message-ID: <1232745649.5954.36.camel@cyrus>
Content-Type: text/plain

On Fri, 2009-01-23 at 12:10 -0500, R. G. Newbury wrote:
> > Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
> >  > > Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
> >  > > But PolicyKit does not work in a root session:
> >  > > https://bugzilla.redhat.com/show_bug.cgi?id=447266
> >
> >  > Hmm...this is probably worthy of some nuanced and masterfully
> > > persuasive oratory as to where to strike the balance between designing
> >  > for expected use cases and designing a system with flexibility to
> >  > accomedate local needs even when those use cases are not considered
> >  > best practises.  .
> >
> > No nuanced and masterfully persuasive oratory can disguise the fact that
> >    someone has made *and enforced* a decision that *they know better
> > than the user* how "THINGS MUST BE DONE" purely because the doing, is
> > considered to be 'not best practice'.
> >
> > In this particular case, the 'best practice' enforcement approaches
> > religious fervour in its application. In the particular instance which
> > started this thread, PolicyKit nags about being root, and then *refuses*
> > to allow the installation of an rpm! It does not deny the right to
> > download and install the rpm in a console....It just denies the user the
> > advantages of using PackageManager to resolve dependenices directly.
> >
> > And *exactly* what nuanced extra is added to the equation, by forcing
> > the administrator to log out of root, to log in as a user, to do the
> > same thing? Especially in a circumstance where the install is actually
> > desired to be general and not user-local? This position is idiocy.
> >
> > I don't mind a nag. I DO mind unknown and unaccountable people
> > attempting to enforce their quasi-religious beliefs on me (by
> > quasi-religious, I mean the attitude which equates doing anything while
> > root is akin to giving booze and car-keys to seventeen year old boys:
> > instantly and always catastrophically dangerous.) I know using root can
> > increase the probability of disaster. But I want to be able to decide
> > what the limits of my risk tolerance are, not have someone else do it.
> >
> > That argument, the libertarian argumnent is one of the underlying bases > > of the free software movement. Let's have it recognized and venerated in
> > the code!
> >
> > Geoff
>My memory is that the designer of PackageManager indicated on the list
>that running PackageManager as root has security problems that running
>it as a user and entering the root password does not have. I believed
>him. Your objection is that it makes you log as a user rather than as
>root.

No particular instances of 'security problems' were actually indicated, so we are left with usual position, that an exploit or breach of a user account will do 'less' damage than a breach of a root account. Firstly this is based on the unstated assumption that the exploit cannot be escalated. And secondly, this is based on the unstated assumption that PackageManager has security problems. If so, it does not actually matter what user runs the program: any exploit could be easily escalated by using PackageManager to install a rootkit...

My objection is that he has arrogated to himself the power to determine how I can operate my computer. So not all of the "free"'s apply to this software.

>I believe in the theory that "freedom" derives from the words free doom
indicating that everyone has a right to commit suicide in his (or her)
own way. I strongly support your committing suicide in any way you
desire.

Not quite the real etymology of 'freedom' but if you strongly support my desires I hope you will join me in castigating the designer of PackageManager.
Geoff


--
        Please let me know if anything I say offends you.
         I may wish to offend you again in the future.

         Tux says: "Be regular. Eat cron flakes."

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux