Slashdot Mirror


Fedora 12 Package Installation Policy Tightened

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

7 of 172 comments

  1. Re:Finally! by Cylix · · Score: 4, Funny

    I liked the ability for users to manage my box.

    Surely the users would never do anything that would harm the system in which we all exist?!?

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  2. Attitude by Island Admin · · Score: 5, Insightful

    What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users. I feel the trust relationship is kinda broken ... but at least they finally came around and listened.

  3. Never really thought this needed changing by lnlypaladin · · Score: 5, Interesting

    See, personally I never thought it would be in discussion whether to allow non-root users to install packages. In my opinion it's one of the great advantages of *nix systems as far as security goes. Even the distributions with the root user disabled to make it easier on a desktop user, like Ubuntu, still require use of the sudo command. It's one of the biggest reasons certain worms and drive-by download techniques which crippled Microsoft OSes never worked on *nix systems.

    --
    Even those with good senses of humor, honor, and saintly intentions must occasionally require the use of a strong shield
  4. Re:Finally! by Icegryphon · · Score: 5, Funny

    I mean come on!
    It took like a whole 24hrs from when a story was posted on Slashdot.
    What are they, Microsoft?
    Bunch of dirty hippie Linux slackers

  5. Dunno man, but by Giant Electronic Bra · · Score: 5, Insightful

    The whole Fedora Team's creation of and response to this issue creates very serious doubt in my mind about their ability to manage a distribution and their understanding of proper security policy. I think they've got to open up their decision making process more and learn to communicate better. An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.

    At least it all shows that the community still ultimately calls the shots.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
  6. Re:At the risk of being flamed to hell by jedidiah · · Score: 5, Informative

    This is just nonsense, TOTAL NONSENSE.

    Unix users have ALWAYS had the ability to install applications into their own home directory. Ok, so it (maybe) never occurred to the authors of Linux package managers to target the user's home directory. However, the fact remains that the ability/possibility has always been there. You simply don't need to pollute the system files in order to "install an app" on Unix. That is one of its key strengths.

    This is why the Fedora guys got skewered.

    Some of us have been "installing applications" in our home directories since before the first line of Linux was written.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  7. To quote Richard Hughes: by Anonymous Coward · · Score: 4, Informative

    To quote Richard Hughes, the developer responsible for the braindeadness in the first place, and repeatedly trying to brag his competency of being a dickhead in the bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=534047):

    Every time somebody writes "Linux is about choice" something inside of me dies. Just because something can be done, doesn’t mean it should be done.

    Source: http://blogs.gnome.org/hughsie/2009/09/23/linux-is-about-choice/

    It seems that he interpreted his own words as "Just because you can do something, doesn’t mean you should do it. But for me, I can fucking make whatever 'choice' and screw everybody else. Bwahahaha!"

    And his recent rants:

    And so, long story short, we decided to revert the change for F12.

    Part of being an open source maintainer (and also my job at Red Hat) is to ignore trolls, but some of the messages I was getting yesterday were just personal attacks and abuse. That’s not cricket at all.

    (Source: http://blogs.gnome.org/hughsie/2009/11/20/the-fedora-12-installing-saga/)

    But he was the one who was being a troll first. Quotes from the bugzilla:

    • "It's not insecure. We've had the mechanism checked. The default policy may not be to your taste, but this is the "desktop" spin, not the "server" spin." (btw, the two "spins" don't actually exist. --ed)
    • "There's nothing to discuss here."
    • "You either trust the Fedora repos or you don't."
    • "I don't particularly care how UNIX has always worked."
    • "You missed the "in my opinion" line in your reply."
    • "There are other, *easier*, ways of rooting the system."

    Now, I'm wondering how on earth someone got a job for being a devtroll. Red Hat pays him to develop, but trolling the bugzilla? I don't remember anyone "attacking him personally" on the bugzilla. I wasn't following the mailing lists though.

    And he now seemed hurt because the users actually bothered to donate their own time correcting his mistake.

    Grow up.