On Wednesday 18 November 2009 01:35:30 pm Simo Sorce wrote: > On Wed, 2009-11-18 at 13:23 -0500, Seth Vidal wrote: > > I'm not sure how this is 'surprise root'. IT will only allow installs > > of pkgs signed with a key you trust from a repo you've setup. > > > > which pretty much means: if the admin trusts the repo, then it is > > okay. > > > > if the admin doesn't trust the repo it should NOT be on the box and > > enabled b/c an untrusted repo can nuke your entire world. > > I may trust the repo, that doesn't mean I want to allow installation of > any package that happens to live on that repo. I agree with this sentiment. It would be a huge surprise for setuid apps to suddenly start showing up on boxes. > The problem is the *Default* not the fact that you can consciously allow > users to update without a password. And I wonder what the audit trail will show? Does it show which user installed these packages? -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
