Matthew Miller <mattdm@xxxxxxxxxx> wrote: > On Thu, Jul 19, 2007 at 09:50:33AM -0400, seth vidal wrote: > > > system level software. That's useful -- but, as mentioned, kinda > > > crack-ridden. (Partly, of course, because the distinction between user > > > level and system level is very blurry.) > > blurry? no it's completely non-existent. :) > There's at least a whole lot of overlap. :) Nope. If it has to be installed/configured/managed by root, it is system software, regardless of it being the kernel or a game. The stuff in $HOME is yours to mess around with. To think otherwise is creating a whole new landscape of operating system... and that can't be handled by just "OK, let's install <foo kind of packages> by default under the control of Joe R. User", there has to be a _lot_ more thought behind it. > > This feels pretty scary. We'd constantly be moving the line to > > accommodate varying levels of paranoia - and we'd have a big list we'd > > have to keep current to make sure it wasn't outdated. > Maybe just a simple list of white-listed packages, then. If this were done, > I'd think the default Fedora config should be very very conservative (and, > also, the entire feature off), but having that infrastructure there could be > very helpful for controlled environments. Exactly the other way around. In a controlled environment, you could give the root password (or a suitably restricted sudo(1) entry) to assorted users, or require users to contact the sysadmin to install stuff. If you are thinking about the machines in a lab, the /very last/ thing you want is different configurations because on each machine a random user, way back, ran some program with unusual flags, and didn't note that this meant installing some gunk. So this /can/ be handled locally (fully respecting the local level of paranoia and configuration consistency requirements) right now with a bit of work. -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 2654431 Universidad Tecnica Federico Santa Maria +56 32 2654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 2797513 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
