[Mageia-discuss] A possible risk ?

Florian Hubold doktor5000 at arcor.de
Wed Feb 8 13:50:46 CET 2012


Am 08.02.2012 13:35, schrieb Michael Scherer:
> Le mercredi 08 février 2012 à 08:47 -0300, Renaud (Ron) Olgiati a
> écrit :
>> On Wednesday 08 Feb 2012 08:37 my mailbox was graced by a message from Claire 
>> Robinson who wrote:
>>>> I ended up installing Mageia 1 on his box, but I wonder why does the
>>>> distribution allow the user to potentially hose his system, when it
>>>> requires the root password to install a prog ?
>>>> Would it not make more sense to ask for the root password for the updates?
>>> It is configurable in MCC. You can find it under Security => Configure 
>>> authentication for Mageia Tools.
>>> Just select root for Update.
>> Brilliant, thanks.
>>
>> But would it not make more sense to have the default changed to root ?
> That totally miss the point, which is that a upgrade hosed the system.
> Would requiring the root password have changed that ? I doubt. 
>
> However, if the user cannot do upgrade without asking to someone else
> ( because that's the whole point of having 2 different passwords, else,
> that's just a nuisance that will confuse most people ), then he will
> likely miss security and bugfixes updates, and that's problematic. 
>
> And I truly doubt that having a separate person ( ie, asking to someone
> else who has the root password ) would have avoid any issues due to
> upgrade. I am pretty sure that both of us would have also updated the
> computer. 
>
> The risk is the lack of QA, and I have been repeating this since a long
> time. If people cannot trust updates, they will use them, and they face
> issues and security problems, and that will tarnish our reputation,
> among others.
Well, you also miss the point if the cause for this breakage (maybe some packages
that are currently missing/only available in an older version compared to Mandriva)
is not reported, we can't really fix it, no?

So just telling: "An upgrade from Mandriva broke my machine" will do no good at
all,
IMHO.


More information about the Mageia-discuss mailing list