PackageKit Misconceptions
Jesse Keating
jkeating at redhat.com
Wed Aug 22 18:01:13 UTC 2007
On Wed, 22 Aug 2007 13:55:19 -0400
"Colin Walters" <walters at redhat.com> wrote:
> If you installed an RPM from an untrusted source, you have already
> lost. It can execute arbitrary code in %post, or
> overwrite /lib/libc.so, the possibilities are endless.
So basically what you're saying is that we should just give up and go
home. Right? Do we seriously just want to give everybody full root
access and let whatever happens happens, never asking them to think a
second about what they're clicking or doing? Basically windows95/98
mentality?
"Oh, well we'll just allow them to install software from configured
repos." That's great, how do you add repos, because Fedora by design
doesn't have everything a user wants. "Oh, we'll well just allow them
to install a package from a website that has the repo files in it."
Game over.
Hey it'd be neat if we didn't have to think about security anymore. We
could focus on a lot of the other cool stuff we want to do. No
questions, no checking, just have at it!
--
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-desktop-list/attachments/20070822/ab190a29/attachment.sig>
More information about the Fedora-desktop-list
mailing list