On Wed, 2009-11-18 at 13:19 -0500, Konstantin Ryabitsev wrote:
This significantly limits the number of users with powers to install
signed software -- almost to the point of where it sounds like a fair
trade-off. If someone has physical access to the machine, then heck --
it's not like they don't already effectively "own" it.
Most of my users wouldn't be able to "own" it even if I let a root shell
open, but they would definitely be able to install or remove packages
using the GUI.
The difference is huge.
Simo.
--
Simo Sorce * Red Hat, Inc * New York