[Mageia-discuss] beta2 woes and no graphical root (tonyb)

Thu Apr 12 16:05:23 CEST 2012

TJ <andrewsfarm at ...> writes:

> 
> On 04/11/2012 01:27 PM, Wolfgang Bornath wrote:
> > 2012/4/11 Anne Wilson<annew at ...>:
> >>
> >> On 10/04/12 20:53, Renaud (Ron) Olgiati wrote:
> >>> On Tuesday 10 Apr 2012 10:57 my mailbox was graced by a message
> >>> from Anne Wilson who wrote:
> >>>> True indeed, but if someone wants to commit suicide we do have a
> >>>> moral duty not to supply the gun and teach him how to load it.
> >>>
> >>> We may have a duty to point out to him that we think his idea is
> >>> not good, but if he is decided, our duty then is to help him,
> >>> including acting as kaishakunin if he asks us to.
> >>>
> >> Your idea of moral duty is obviously different from mine.  I doubt if
> >> the law would see it your way either.
> >>
> >
> > Depends on what you see in Mageia. Is Mageia a mere provider of a
> > technical system who does not care further than uploading the
> > software? If so we don't need to discuss questions, we don't need to
> > give warnings about anything, etc. Or do we have a sense of moral duty
> > which goes beyond that? I am happy to see the decision of Mageia
> > showing that they care.
> >
> Whether I agree with the results or not, I get annoyed when people 
> presume to do my risk assessments for me. I would rather do it myself in 
> most cases. And this is one of those cases.
> 
> TJ
> 
I didn't see any agreement, rebuttal, or acknowledgment of my suggestion that
"there are consequences from "user's choice" resulting in a machine distributing
spam, bots, malware, including damage to the reputation/adoption of FOSS, that
reach beyond the demise of one individual"

You have given this a lot of thought.  Perhaps you could answer.  To put it
another way, if a user of a networked machine performs a risk assessment that
leads him to conclude it's safe to open an email attachment, for example, and

1. his machine has not been configured to prevent the deployment of the malware
embedded in that attachment,
2. his networked machine proceeds to distribute the effects of that malware
across the internet,
3. many thousands of machines are exposed to/infected with this unwanted
software and/or more tangentially compromised by such consequences of
administrative privileges exposed to the internet as spam or DDOS, e.g.

is there not more than just bad outcomes for the bad choices of the,
notwithstanding, annoyed, however, mistaken risk assessor?

Sure, my example sounds exactly like a description of the environment created by
Microsoft, who, apparently, did not anticipate all the consequences of writing
software such that it is more easy to run.  Sure, Linux is not Windows (and I'd
like to see it stay that way).  Sure, Linux is touted as more secure than
Windows and does not, yet, have such a horrific history of waste and
destruction.  However, there are vulnerabilities in Linux that are continuously
being patched and, should Linux come to be run on a more significant percentage
of machines, the number of eyes of ne'er-do-wells scrutinizing those
vulnerabilities will, most likely, increase.

Are the parallels not clear to anyone else?  Are you suggesting I should be
comfortable to trust the risk assessment of each and every user who would eschew
the wisdom of Unix-->Minix-->Linux developers and employ risky policy?  I am
not.  Do you believe that what happens on one machine has no potential effect on
any of the other connected machines, so Linux should be made to be whatever any
consumer of FOSS might like?  I do not.   To sum, again, Linux is not merely a
matter of an individual's choice.  
Rolf