On Wed, 2009-11-18 at 13:41 -0500, Konstantin Ryabitsev wrote:
> 2009/11/18 Simo Sorce <ssorce@xxxxxxxxxx>:
> > On Wed, 2009-11-18 at 13:19 -0500, Konstantin Ryabitsev wrote:
> >> This significantly limits the number of users with powers to install
> >> signed software -- almost to the point of where it sounds like a fair
> >> trade-off. If someone has physical access to the machine, then heck --
> >> it's not like they don't already effectively "own" it.
> >
> > Most of my users wouldn't be able to "own" it even if I let a root shell
> > open, but they would definitely be able to install or remove packages
> > using the GUI.
> >
> > The difference is huge.
>
> If I have physical access to your machine, I'll own it. I may have to
> use tools to get to the HDD, but it's only a question of time and
> dedication.

*you* are not one of my users, and this has nothing to do with *you*
hacking in my machine.

If I have physical access to a machine I do not even care about what's
installed on it. In 99% of the cases I will just be able to boot from a
live CD.

That's a completely different issue.

Simo.

--
Simo Sorce * Red Hat, Inc * New York