Local users get to play root?
Arnaud Gomes-do-Vale
Arnaud.Gomes at ircam.fr
Wed Nov 18 23:01:42 UTC 2009
Adam Williamson <awilliam at redhat.com> writes:
> I do not see how that's relevant, frankly. For it to be relevant it
> would have to be true to state that, if you need root privileges to
> install signed packages, it's absolutely no problem if a signed package
> is evil. Obviously, that's not at all true. An evil 'trusted' package
> would be a Very Bad Thing in any case. Whether you need to be root to
> install a trusted package or not is entirely orthogonal, as far as I can
> see.
Really? You are talking about changing "the local administrator trusts
*this* package" to "the local administrator trusts whoever has the
signing key for Fedora to decide which packages should be installed".
--
Arnaud
More information about the devel
mailing list