[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: low-hanging fruit



On Wed, 2007-08-22 at 19:37 +0200, dragoran wrote:
> 
> 
> On 8/22/07, David Zeuthen <davidz redhat com> wrote:
>         
>         
>         (Another technical tidbit: RPM's GPG keys are tied to the
>         system so when
>         one user is deciding to import a GPG (aka. start trusting a
>         software
>         provider) it affects all users on that. Maybe the dialog need
>         to makes 
>         that clear too.)
> 
> that is a reason for asking for the root password , everything else is
> nothing but a security hole if  a non root user can set system
> defaults like this. 

Yeah, it's probably a good idea to ask for an administrator to
authenticate to do this. With mainline Fedora this would be asking for
the root password; for other spins it might asking a user in e.g.
'wheel' to authenticate.

     David




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]