On 8/19/07, Gian Paolo Mureddu <gmureddu@prodigy.net.mx> wrote:

Then change your .bashrc to include /sbin in the PATH, don't do it
"universally" for all users and much less *enforce* insecure practices.

This part isn't an important debate so I'm skipping to the next part.

Are we going completely out of our minds here?? Since when is alerting the
user that s/he's about to do something that will affect the whole system
a bad idea? I do agree that having two password pop-ups might not be
the best or most elegant solution, but neither is "opening up" the
system and putting it at risk. Getting rid of that extra layer *is*
putting the system at risk.

Ok, here is where we need to frame the discussion.  The scenario I am thinking of is a Fedora spin that is in the "XP/OS X" category.  Adding a password prompt of any kind, no less for some other "root" password, *actively harms security*.

Why?  Because the most important thing you can do for security - THE most important - for a home user desktop is to get them updates reliably and as painlessly as possible.  In particular for the web browser.  It's completely ironic to me that people are wanting to add password prompts for installing software from GPG-signed Fedora repositories when it's quite possibly the LEAST dangerous thing one could do on a computer. 

Why don't we have a password prompt before you can start the web browser?