Is it time to allow Chromium in Fedora?

Mustafa Muhammad mustafa1024m at gmail.com
Tue Aug 11 21:00:21 UTC 2015 

On Aug 11, 2015 11:29 PM, "Reindl Harald" <h.reindl at thelounge.net> wrote:
>
>
>
> Am 11.08.2015 um 22:18 schrieb Mustafa Muhammad:
>>
>>  > If I knew Mozilla's Linux binaries provided its own update mechanism
>>  > and notification, yes I would do exactly that.
>>
>> I am pretty sure they get updated just like Windows and OS X binaries,
>> but the tar ball should be extracted in a user writable location
>
>
> nonsense
>
> *if* you use binary tarballs they *should not* be extracted in a user
writeable location as *no binary* whenever possible should have permissions
allowing a ordinary user to change them
>
> they should be extracted to /usr/local/ with root-only write-permissions
and you have to just start the application as root for updates - not only
on Linux, on *any* operating system
>
> and since most users are not able to cope with this security principals
package managers exists
> _________________________________________
>
> http://www.tldp.org/HOWTO/Security-HOWTO/file-security.html
>
> World-writable files, particularly system files, can be a security hole
if a cracker gains access to your system and modifies them. Additionally,
world-writable directories are dangerous, since they allow a cracker to add
or delete files as he wishes

My home is not world writable.
The way you pointed is the better way, of course, but I think even my
simple way is better than waiting for package updates from the repos when
an exploit is in the wild.

> _________________________________________
>
> as long as you did not inherit that principles you have no clue about
security and will be the first victim of exploits on non-windows systems
>
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150812/f4b62689/attachment.html>

More information about the devel mailing list