[Mageia-discuss] A possible risk ?

Claire Robinson eeeemail at gmail.com
Wed Feb 8 13:47:41 CET 2012


On 08/02/12 12:35, Michael Scherer wrote:
> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
> écrit :
>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire
>> Robinson who wrote:
>>>> I ended up installing Mageia 1 on his box, but I wonder why does the
>>>> distribution allow the user to potentially hose his system, when it
>>>> requires the root password to install a prog ?
>>>> Would it not make more sense to ask for the root password for the updates?
>>
>>> It is configurable in MCC. You can find it under Security =>  Configure
>>> authentication for Mageia Tools.
>>> Just select root for Update.
>>
>> Brilliant, thanks.
>>
>> But would it not make more sense to have the default changed to root ?
>
> That totally miss the point, which is that a upgrade hosed the system.
> Would requiring the root password have changed that ? I doubt.
>
> However, if the user cannot do upgrade without asking to someone else
> ( because that's the whole point of having 2 different passwords, else,
> that's just a nuisance that will confuse most people ), then he will
> likely miss security and bugfixes updates, and that's problematic.
>
> And I truly doubt that having a separate person ( ie, asking to someone
> else who has the root password ) would have avoid any issues due to
> upgrade. I am pretty sure that both of us would have also updated the
> computer.
>
> The risk is the lack of QA, and I have been repeating this since a long
> time. If people cannot trust updates, they will use them, and they face
> issues and security problems, and that will tarnish our reputation,
> among others.


I don't think QA is an issue regarding updates to 1. Do you really feel 
that way or were you meaning in a more general way?

Ensuring an upgrade path from Mandriva 2010.2 is really something we (QA 
team) would expect maintainers to maintain.




More information about the Mageia-discuss mailing list