low-hanging fruit
David Zeuthen
davidz at redhat.com
Wed Aug 22 17:37:30 UTC 2007
On Wed, 2007-08-22 at 19:37 +0200, dragoran wrote:
>
>
> On 8/22/07, David Zeuthen <davidz at redhat.com> wrote:
>
>
> (Another technical tidbit: RPM's GPG keys are tied to the
> system so when
> one user is deciding to import a GPG (aka. start trusting a
> software
> provider) it affects all users on that. Maybe the dialog need
> to makes
> that clear too.)
>
> that is a reason for asking for the root password , everything else is
> nothing but a security hole if a non root user can set system
> defaults like this.
Yeah, it's probably a good idea to ask for an administrator to
authenticate to do this. With mainline Fedora this would be asking for
the root password; for other spins it might asking a user in e.g.
'wheel' to authenticate.
David
More information about the Fedora-desktop-list
mailing list