[Mageia-discuss] A possible risk ?
Wolfgang Bornath
molch.b at googlemail.com
Wed Feb 8 17:01:09 CET 2012
2012/2/8 Anne Wilson <annew at kde.org>:
> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote:
>> Yes, I have seen postings like "why do I have to use passwords" and
>> "why can I not log in KDE as root" more than once. Are these people
>> our target group? If so than - have fun! What strikes me is that you
>> of all people are advocating a loosening of security with no real
>> reason.
>
> I do not want to have to give the root password to members of my family that
> are, frankly, clueless on tech-matters. At the same time, I do want them to
> apply at least security updates. Being able to accept updates from a trusted
> source (direct from Mageia) with only their user password is the safest their
> systems can have.
I understand the reasons. But you know as well as everybody else that
sometimes updates do not work as easy as they should. It could be
caused by a faulty mirror or by a glitch in a package (which should
not happen but "should not happen" implies "can happen") or whatever
other reason. Then your family members will wait for you anyway (in
the best case) without knowing what happened - while they could have
been happily working or entertaining themselves until you come and do
the updates.
Apart from the understandable quest to make it easy on the unwashed
masses - it is still a security break - see what I have written about
the ability of xguest to do updates (while xguest was invented to
leave the system without garbage or damage at the end of his/her
session).
--
wobo
More information about the Mageia-discuss
mailing list