Fedora nonsense

Jack quiet_celt at yahoo.com
Tue Nov 24 15:25:09 CST 2009


Wow! It's been a while since I even looked at RH. Thanks for the detailed
breakdown. It actually sounds like a good thing the way you describe it. 
The thing that always bothers me about sudo is, once you give it a password, any application running under your userid can up its privileges for some time to come, and also, any malicious program you accidentally run for several minutes after automatically can do any root thing it wants, because you've already supplied the password (maybe, see next paragraph).

I've read "stories" (BYO salt) on the web that talk about Linux machines getting infected by having run sudo shortly before "accidentally on purpose" running a Windows virus just to see if it would run, and then having it bork the machine. So sudo isn't all that much safer - and may be less so. I've actually tested running Windows viruses on my machine, well, in a VM on my machine. Some Windows viruses actually do run, and some can actually do damage, if you have Wine that is. I have yet to see one break out of a VM.


If there truly is a management technique behind this new RH/Fedora feature, then it's probably a good thing. And also, some new learning curve. 

Although, I'll reserve judgment until I see it in action. I'd much prefer to have to be asked for my password for either every install, or for every batch install. And especially for installing anything I didn't preselect or ok to add. Of course, this only keeps out the "under the radar" malware. Won't stop the "You should install me, I'm a kewl app!" malware.

There's just no substitute for: 
a) regular known good backups of your data, and 
b) knowledge of what you have installed, and of what you are installing,
c) custom package selection file for automated re-install (optional time-saver),
d) a distro that installs all you usually want, negating b) and c),
e) or a printed list of what you install in addition to the default for your favored distro,
f) a little common sense, 
g) a resistance to social engineering, and
h) some basic PC literacy.

Unfortunately, it seems large segments of the society will never achieve most of those pre-requisites.

Jack

--- On Wed, 11/18/09, Jeffrey Watts <jeffrey.w.watts at gmail.com> wrote:

> 
> This function is a big boon for desktop environments, as it
> allows centrally managed and administered environments to
> minimize requests for help in installing new software -
> especially when combined with the advertised feature of
> install-on-demand.  Remember, unlike most other
> distributions Fedora has a full featured management
> environment, and it's not difficult to script a package
> "reset" to a known package profile.


