2009/11/18 Casey Dahlin <cdahlin@xxxxxxxxxx>: >> Because sudo doesn't use policykit? Because sudo gives you full root >> access -- not just ability to install trusted software from trusted >> repositories? Moreover, even sudo doesn't ask me again if I invoke it >> within 5 minutes of using it (or however long it is). >> >> Regards, > > But why is it neccesary? That was more my point. > > The answer is: because being associated with a login on the local console doesn't verify that it is a /user/ in control. Yes, this is security trade-off -- and with valid arguments. Does it make sense to have this as a default configuration for a desktop-oriented distribution? Quite possibly. Fedora installations in managed environments have qualified sysadmins that can alter this policy -- but a user who installs Fedora at home will probably welcome not having to type in a root password when they want to install a gimp plugin. If experience with Vista has shown us anything, is that people absolutely hate when they have to make constant decisions about most minute details of their system's operation. I installing trusted software such "minute operation?" Perhaps. I'm just trying to point out that this is very, very far from "OMG LOCAL ROOT FOR EVERYONE" as implied in the original email. Regards, -- McGill University IT Security Konstantin Ryabitsev Montréal, Québec -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
