Subject: Re: Package Manager Denies Permission to Install
To: "Community assistance, encouragement, and advice for using
Fedora." <fedora-list@xxxxxxxxxx>
Message-ID: <1232745649.5954.36.camel@cyrus>
Content-Type: text/plain
On Fri, 2009-01-23 at 12:10 -0500, R. G. Newbury wrote:
> > Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
> > > > Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
> > > > But PolicyKit does not work in a root session:
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=447266
> >
> > > Hmm...this is probably worthy of some nuanced and masterfully
> > > persuasive oratory as to where to strike the balance between
designing
> > > for expected use cases and designing a system with flexibility to
> > > accomedate local needs even when those use cases are not considered
> > > best practises. .
> >
> > No nuanced and masterfully persuasive oratory can disguise the fact
that
> > someone has made *and enforced* a decision that *they know better
> > than the user* how "THINGS MUST BE DONE" purely because the doing, is
> > considered to be 'not best practice'.
> >
> > In this particular case, the 'best practice' enforcement approaches
> > religious fervour in its application. In the particular instance which
> > started this thread, PolicyKit nags about being root, and then
*refuses*
> > to allow the installation of an rpm! It does not deny the right to
> > download and install the rpm in a console....It just denies the
user the
> > advantages of using PackageManager to resolve dependenices directly.
> >
> > And *exactly* what nuanced extra is added to the equation, by forcing
> > the administrator to log out of root, to log in as a user, to do the
> > same thing? Especially in a circumstance where the install is actually
> > desired to be general and not user-local? This position is idiocy.
> >
> > I don't mind a nag. I DO mind unknown and unaccountable people
> > attempting to enforce their quasi-religious beliefs on me (by
> > quasi-religious, I mean the attitude which equates doing anything
while
> > root is akin to giving booze and car-keys to seventeen year old boys:
> > instantly and always catastrophically dangerous.) I know using root
can
> > increase the probability of disaster. But I want to be able to decide
> > what the limits of my risk tolerance are, not have someone else do it.
> >
> > That argument, the libertarian argumnent is one of the underlying
bases
> > of the free software movement. Let's have it recognized and
venerated in
> > the code!
> >
> > Geoff
>My memory is that the designer of PackageManager indicated on the list
>that running PackageManager as root has security problems that running
>it as a user and entering the root password does not have. I believed
>him. Your objection is that it makes you log as a user rather than as
>root.
No particular instances of 'security problems' were actually indicated,
so we are left with usual position, that an exploit or breach of a user
account will do 'less' damage than a breach of a root account. Firstly
this is based on the unstated assumption that the exploit cannot be
escalated. And secondly, this is based on the unstated assumption that
PackageManager has security problems. If so, it does not actually matter
what user runs the program: any exploit could be easily escalated by
using PackageManager to install a rootkit...
My objection is that he has arrogated to himself the power to determine
how I can operate my computer. So not all of the "free"'s apply to this
software.
>I believe in the theory that "freedom" derives from the words free doom
indicating that everyone has a right to commit suicide in his (or her)
own way. I strongly support your committing suicide in any way you
desire.
Not quite the real etymology of 'freedom' but if you strongly support my
desires I hope you will join me in castigating the designer of
PackageManager.
Geoff
--
Please let me know if anything I say offends you.
I may wish to offend you again in the future.
Tux says: "Be regular. Eat cron flakes."
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
