On 2009-11-18 19:28, Seth Vidal wrote:
> On Wed, 18 Nov 2009, Simo Sorce wrote:
>> On Wed, 2009-11-18 at 13:10 -0500, Seth Vidal wrote:
>>>> Maybe you have a different concept of security, but I don't want any
>>>> user on the server installing software, no matter what.
>>>
>>> right - which is why I wouldn't install PK on a server.
>>> yum doesn't allow users to install pkgs, only root.
>>
>> Seth, the fact you prefer to use yum doesn't make it right to have an
>> insecure-by-default policy.
>
> I didn't say it did - I said it didn't make sense to have items like PK
> on servers.

It doesn't make sense to define the security setup of a machine based on
"oh well packagekit is installed, so it must be a desktop machine for
which there is one or maybe two primary users who are all trusted to
decide if they want to install software".

The fact is that there is quite a lot of badly written software that
requires X to install. In fact, Red Hat's documentation tends to assume
that X is installed by default. So do Red Hat's courses. And even their
toolset. Ever used system-config-lvm-tui? No, it doesn't exist.

If X is there, PackageKit is there. The claimed link between the
intended use and security profile of a machine depending on whether
PackageKit is installed makes no sense.

It doesn't matter if I or you prefer @core on our servers, the customers
want X because they're new to Linux and feel comfortable with it. They
won't have some arcane knowledge about the disconnect between yum and
rpm with packagekit, and how sometimes you have to be root, sometimes
you don't.

Secure by default please, otherwise turn off selinux by default.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list