On Mon, Jan 19, 2009 at 9:52 AM, Kam Leo <kam.leo@xxxxxxxxx> wrote: > On Mon, Jan 19, 2009 at 9:27 AM, Richard Hughes <hughsient@xxxxxxxxx> wrote: >> On Mon, 2009-01-19 at 10:03 -0500, R. G. Newbury wrote: >>> Clicking on the link gave the usual 'what do you want to do' message. >>> Clicking install raised a warning about installing as root. I clicked >>> continue....and got a message that I 'didn't have permission to >>> continue' (or words to that effect) and my system, having assumed >>> god-like powers refused to let me install the file! >> >> Logging in as root is like walking around with a loaded shotgun in your >> belt with no safety latch. You can't install packages as the root user >> as it's simply not secure. Just use a normal user login. >> >>> WTF??? Does anyone know where this little bit of insanity is stored >>> and how to remove it? >> >> It's called PackageKit, and it's not insane. If you're running gtk+ as >> root, you're already insecure. >> >> Richard. > > Regardless of the security rant, the default settings for yum should > have enabled the Everything repository. Just use yum to install the > package. As a bonus yum will also add any dependencies you might have > missed. Add/Remove Software from the GUI should also be able to do the > same. > Just another thought, the security rant is pointless. A user can just as easily copy the file's URL, open a terminal, and install the package using rpm. What's the difference whether the package got installed by root or via "su"? If the package has malicious content you're hosed. Trust begins with whomever is given root/superuser privileges and the site hosting the packages. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines