I don't think it's nonsense, perse...

but the sudo bit is probably the better way to go than eliminating the requirement of being root.

That's just me. if it was a desktop system then I don't see a problem. If it was a server, OTOH, that's a problem.

On Wednesday 18 November 2009 07:01:56 pm Jestin Stoffel wrote:

Seriously though, how is that any different than elevating to root privileges with 'sudo' to install? You still don't need the root password, so I suppose it's just saving my mom a step before she borks her system.

sudo at least prompts for the user's password by default (which worms won't have). also, to use sudo, you must be configured in the sudoers file to run said command.

On Wed, Nov 18, 2009 at 8:35 PM, Pratik Patel pkpatel88@gmail.com wrote:

Isn't this about PackageKit's integration into PolicyKit. First, it asks you for a password, then you click a checkbox. After that it lets you install things without typing in the password.

That is the (now) previous behaviour. The new behaviour does not ask for root password at all.

Wow! It's been a while since I even looked at RH. Thanks for the detailed breakdown. It actually sounds like a good thing the way you describe it. The thing that always bothers me about sudo is, once you give it a password, any application running under your userid can up it's privileges for some time to come, and also, any malicious program you accidentally run for several minutes after automatically can do any root thing it wants, because you've already supplied the password (maybe, see next paragraph).

I've read "stories" (BYO salt) on the web that talk about Linux machines getting infected by having run sudo shortly before "accidentally on purpose" running a Windows virus just to see if it would run, and then having it bork the machine. So sudo isn't all that much safer - and may be less so. I've actually tested running Windows viruses on my machine, well in a vm on my machine. Some Windows viruses actually do run, and some can actually do damage if you have Wine that is. I have yet to see one break out of a VM.

If there truly is a management technique behind this new RH/Fedora feature, then it's probably a good thing. And also, some new learning curve.

Although, I'll reserve judgment until I see it in action. I'd much prefer, to have to be asked for my password for either every install, or for every batch install. And especially for intsalliing anything, I didn't preselect or ok to add. Of course, this only keeps out the "under the radar" malware. Won't stop the "You should install me, I'm a kewl app!" malware.

There's just no substitute for: a) regular known good backups of your data, and b) knowledge of what you have installed, and of what you are installing, c) custom package selection file for automated re-install (optional time-saver), d) a distro that installs all you usually want, negating b) and c), e) or a printed list of what you install in addition to the default for you favored distro, f) a little common sense, g) a resistance to social engineering, and h) some basic PC literacy.

Unfortunately, it seems large segments of the society will never achieve most of those pre-requisites.

Jack

--- On Wed, 11/18/09, Jeffrey Watts jeffrey.w.watts@gmail.com wrote:

This function is a big boon for desktop environments, as it allows centrally managed and administered environments to minimize requests for help in installing new software - especially when combined with the advertised feature of install-on-demand.  Remember, unlike most other distributions Fedora has a full featured management environment, and it's not difficult to script a package "reset" to a known package profile.