On Tue, 2006-01-10 at 13:26 -0500, Peter Jones wrote: > The premise here is obviously that he's not connected to the RH network > except when he's logged in as his user, and the other users neither > neither use his account nor access his laptop remotely. We are assuming that these users are not acting maliciously, and that their accounts have not been compromised. But if we're making that assumption, then it doesn't actually matter much if they _do_ have access, does it? Yes, having the key be per-user in NM does prevent other users from _deliberately_ (or even accidentally) using it when the 'authorised' user isn't currently logged in. But the 'per-user' nature of the connection is just an illusion -- in the case where the other user's account is compromised by a trojan or an SSH worm, the VPN 'solution' still allows that infection to propagate through the VPN connection. Other methods of connection like SSH don't allow that to happen, because they really _are_ per-user, while network connectivity in practice is not. > I think we all agree that WEP keys should at least have the option of > being global. Do we? I reported this fault when a NetworkManager package in updates-testing started asking me for a password, and that package still went into FC4 updates-released -- and it's still not fixed in rawhide either. If we all agree, shall we make bug #174467 a FC5Blocker then? > Let's all stop being didactic, argumentative lunatics > about our reasons why they should have some other mode as well. I assume that's directed at GNOME folks rather than myself, as I've never said it shouldn't allow a per-user option. I just questioned the value of the per-user mode in the real world. Yes, I accept that you can find some weird situations in which it makes sense, so it should be possible -- but it certainly shouldn't be the _default_, let alone the _only_ mode available. -- dwmw2 -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list