[Mageia-discuss] A possible risk ?
Michael Scherer
misc at zarb.org
Wed Feb 8 13:35:01 CET 2012
Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
écrit :
> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
> Robinson who wrote:
> > > I ended up installing Mageia 1 on his box, but I wonder why does the
> > > distribution allow the user to potentially hose his system, when it
> > > requires the root password to install a prog ?
> > > Would it not make more sense to ask for the root password for the updates?
>
> > It is configurable in MCC. You can find it under Security => Configure
> > authentication for Mageia Tools.
> > Just select root for Update.
>
> Brilliant, thanks.
>
> But would it not make more sense to have the default changed to root ?
That totally miss the point, which is that a upgrade hosed the system.
Would requiring the root password have changed that ? I doubt.
However, if the user cannot do upgrade without asking to someone else
( because that's the whole point of having 2 different passwords, else,
that's just a nuisance that will confuse most people ), then he will
likely miss security and bugfixes updates, and that's problematic.
And I truly doubt that having a separate person ( ie, asking to someone
else who has the root password ) would have avoid any issues due to
upgrade. I am pretty sure that both of us would have also updated the
computer.
The risk is the lack of QA, and I have been repeating this since a long
time. If people cannot trust updates, they will use them, and they face
issues and security problems, and that will tarnish our reputation,
among others.
--
Michael Scherer
More information about the Mageia-discuss
mailing list