On 10/20/2009 09:35 PM, Bill Nottingham wrote:
Jeroen van Meeuwen (kanarip@xxxxxxxxxxx) said:
Good god... So this is how you think you can determine whether
allowing users to install unsigned packages is a good idea or not,
better then anyone else can? I'm doubting whether you've ever
administered some real-life desktop systems
Given that it essentially allows any user to root the box, yeah,
I think it's a safe statement that it's a bad idea to grant that
to users and not grant them other privleges.
Yes it does potentially allow users to nuke their systems if they know
how to, or install packages from people that know how to. Essentially,
those packages come from proprietary vendors that don't know how to just
because they are proprietary vendors, but if they were to know how to,
then installing their packages would nuke a system or two.
You're entirely right, both you and David. It is a very bad idea to have
your users install an RPM that is unsigned (which is not the same as an
untrusted source), and so we should all flip the bird to the customer
(also part of the ecosystem that enables Red Hat to pay your salary).
Last I'll say in this "discussion", FFS.
-- Jeroen
--
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
