Hi Rui, Thank you for your suggestion and I have just finished rewriting all of my tutorials at http://fedoranews.org/tchung/ I even mentioned your name in http://fedoranews.org/tchung/rpmbuild/ It wasn't easy since I has to rewrite them all and test them all. I think it took about 6 hours and I didn't go to bed until 5:00 am last night. I hope I get your approval this time :) regards, Thomas Chung FedoraNEWS.ORG ---------- Original Message ----------- From: Rui Miguel Seabra <rms@xxxxxxxx> To: tchung@xxxxxxxxxxxxxx, fedora-list@xxxxxxxxxx Sent: Mon, 05 Jan 2004 09:55:37 +0000 Subject: About your mplayerplug-in article > Hi, > > The article is so bad from the point of minimal security > precautions that it is a scandal to advise users to do all those > things with the user root. > > It starts from switching to user root (with ABSOLUTELY no need to > do it but until the very act of installing with rpm -ivh ...) and invites > users to do actions that SHOULD NOT be done with the root user, like > running applications which fetch foreign uncontrollable data from the > net and even worse: compiling as root (SHUDDER). > > If you continue fomenting a trend of using the user root for > everything, very soon many GNU/Linux users will use the system with > root, suffering security problems that would leave Windows 95 > looking as a most secure OS. > > Let's start at the beginning: > > DON'T SWITCH TO root, and please notice that in an ideal situation > you SHOULD use another user than yours to compile software... > > be perfectly happy with your normal user account: > > [jdoe@house jdoe]$ mkdir cvs > [jdoe@house jdoe]$ cd cvs > [jdoe@house jdoe]$ export > CVSROOT=:pserver:anonymous@xxxxxxxxxxxxxxxxxxx:/cvsroot/mplayerplug- > in [jdoe@house jdoe]$ cvs login [jdoe@house jdoe]$ cvs -z3 co > mplayerplug-in [jdoe@house jdoe]$ cd mplayerplug-in [jdoe@house > jdoe]$ ./configure [jdoe@house jdoe]$ make dist [jdoe@house jdoe]$ > mv mplayerplug-in-*gz /tmp [jdoe@house jdoe]$ cd ~/ [jdoe@house > jdoe]$ mkdir -p redhat/{RPMS/{i386,noarch,i686},SRPMS,SPECS,SOURCES,BUILD} > [jdoe@house jdoe]$ echo '%_topdir /home/jdoe/redhat' >> ~/.rpmmacros > [jdoe@house jdoe]$ rpmbuild -ta /tmp/mplayerplug-in-....gz > [jdoe@house jdoe]$ su - > [root@house root]# rpm -Uvh > /home/jdoe/redhat/RPMS/i386/mplayerplug-in-1.0-1.fc1.i386.rpm > > PLEASE DO BE more careful with your advice in the future, what you just > advised is tantamount to giving a 4 year old a loaded gun to play. > > Regards, Rui > > -- > + No matter how much you do, you never do enough -- unknown > + Whatever you do will be insignificant, > | but it is very important that you do it -- Gandhi > + So let's do it...? > > Please AVOID sending me WORD, EXCEL or POWERPOINT attachments. > See http://www.fsf.org/philosophy/no-word-attachments.html ------- End of Original Message -------
