Security policy oversight needed?

[Chris Adams]

Once upon a time, Mike McGrath <mmcgrath at redhat.com> said:
> I think that's too subjective though.

What is subjective about "allowing unprivileged to do things that
previously only root could do"?

> I'd be more in favor of a simple,
> broad view of what the user should be able to do without root.  It's
> possible "install packages" would be on that list, it's possible not.
> That way packages could ask themselves "does this break the policy?"  If
> it doesn't, great.  If it does, time for a bug report.

There have been bug reports, but they get closed by the maintainers as
NOTABUG, so that procedure is obviously not working.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.