On 11/19/2009 03:37 PM, Jeff Garzik wrote: > On 11/19/2009 12:16 PM, Simon Andrews wrote: >> Bill Nottingham wrote: >>> Jeff Garzik (jgarzik@xxxxxxxxx) said: >>>> This sounds like a tacit admission that the default install for >>>> servers is bloody stupid (== same as desktop), unless the admin >>>> REMOVES packages we helpfully installed on the server system. >>> >>> PackageKit has only ever been included in destkop package groups. >>> While these groups are enabled by default, they are with the caveat of: >>> >>> "The default installation of Fedora includes a set of software >>> applicable for general internet usage." >> >> I've just been and checked on our servers, which were installed with >> minimal packages and never used for desktop activities and found two of >> them with PackageKit installed. >> >> Looking at the dependencies there is nothing on those machines which >> currently requires PackageKit so it could be cleanly removed, but >> something has pulled this in as a dependency in the past. >> >> Both of these machines have been through sequential upgrades from around >> FC3. >> >> Changing the behaviour of PackageKit would certainly affect me and I've >> never explicity installed it. > > Indeed. This issue is giving Fedora a major black eye in security. > > And this major security issue -- where admins upgrade into insecurity -- > is just hand-waved away even though it applies to a lot of situations. Seriously, quit spreading this "it's hand-waved away" FUD. Elsewhere in the thread, notably without your participation, people have started discussing both guidelines for how polkit policy should work and also mentioned that they're going to bring this specific case up at the next FESCo meeting and try to deal with it. So seriously, quit pontificating about how your opinion is the truth, the way, and the light, and start reading what others are saying. It's not as you seem to think is is. -- Peter I was born not knowing and have had only a little time to change that here and there. -- Feynman -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list