low-hanging fruit
Colin Walters
walters at redhat.com
Mon Aug 20 16:02:56 UTC 2007
On 8/19/07, Gian Paolo Mureddu <gmureddu at prodigy.net.mx> wrote:
>
>
> Then change your .bashrc to include /sbin in the PATH, don't do it
> "universally" for all users and much less *enforce* insecure practices.
This part isn't an important debate so I'm skipping to the next part.
>
> Are we going completely out of our minds here?? Since when alerting the
> user that s/he's about to do something that will affect the whole system
> is a bad idea? I do agree that having two password pop ups might not be
> the best or most elegant solution, but neither is "opening up" the
> system and putting it at risk. Getting rid of that extra layer *is*
> putting the system at risk.
Ok, here is where we need to frame the discussion. The scenario I am
thinking of is a Fedora spin that is in the "XP/OS X" category. Adding a
password prompt of any kind, no less for some other "root" password,
*actively harms security*.
Why? Because the most important thing you can do for security - THE most
important - for a home user desktop is to get them updates reliably and as
painlessly as possible. In particular for the web browser. It's completely
ironic to me that people are wanting to add password prompts for installing
software from GPG-signed Fedora repositories when it's quite possibly the
LEAST dangerous thing one could do on a computer.
Why don't we have a password prompt before you can start the web browser?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/desktop/attachments/20070820/b577a04a/attachment.html
More information about the desktop
mailing list