Branch 'f12zeroday-tx' - en-US/Revision_History.xml en-US/Security.xml
Rüdiger Landmann
rlandmann at fedoraproject.org
Sun Nov 22 22:59:04 UTC 2009
en-US/Revision_History.xml | 27 ---------------------
en-US/Security.xml | 57 ---------------------------------------------
2 files changed, 84 deletions(-)
New commits:
commit 03a619ae9ad57968bb0d806c67e599e9a8e3ef07
Author: Ruediger Landmann <r.landmann at redhat.com>
Date: Mon Nov 23 08:57:42 2009 +1000
Back out notice about security change committed into wrong branch
diff --git a/en-US/Revision_History.xml b/en-US/Revision_History.xml
index f920819..c04a8a9 100644
--- a/en-US/Revision_History.xml
+++ b/en-US/Revision_History.xml
@@ -10,33 +10,6 @@
<itemizedlist>
<listitem>
<para>
- 0.8
- Wed 18 Nov 2009
- John McDonough
- <email>jjmcd at fedoraproject.org</email>
- <simplelist>
- <member>
- Admonition about policy change that allows users to
- install signed packages without authentication.
- </member>
- </simplelist>
- </para>
- </listitem>
- <listitem>
- <para>
- 0.7
- Mon 16 Nov 2009
- John McDonough
- <email>jjmcd at fedoraproject.org</email>
- <simplelist>
- <member>
- Multiple small typos
- </member>
- </simplelist>
- </para>
- </listitem>
- <listitem>
- <para>
0.6
Mon 9 Nov 2009
John McDonough
diff --git a/en-US/Security.xml b/en-US/Security.xml
index 4828cc2..e914c0a 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -10,63 +10,6 @@
</para>
- <section id="sect-Release_Notes-Security-Install-trusted-packages">
- <title>Local users may install trusted packages</title>
- <warning>
- <title>Non-privileged users may install software.</title>
- <para>
- In Fedora 12, a <emphasis>local</emphasis> user may
- install <emphasis>signed</emphasis> packages without
- authentication. This is a change from Fedora 11.
- </para>
- </warning>
- <para>
- In common use cases, local desktop users frequently
- install packages. In Fedora 11, this required
- authentication. In Fedora 11, if the user wishes to
- install an unsigned package, a second authentication is
- required. Since the desktop user is typically the owner
- and sole user of the machine, the default was changed in
- Fedora 12 to allow a local user to install signed
- (trusted) packages without authentication. Unsigned
- packages continue to require authentication.
- </para>
- <para>
- This change only affects installs and updates made through
- the graphical interface. It does not affect
- <command>yum</command>, nor does it allow packages to be
- removed without authentication.
- </para>
- <para>
- Some administrators may prefer the old behavior. To
- restore the Fedora 11 behavior, create a file in
- <filename>/var/lib/polkit-1/localauthority/20-org.d</filename>
- (name it anything you want) and the content should be
- <screen>
-[NoUsersInstallAnythingWithoutPassword]
-Identity=unix-user:someone;unix-user:someone_else
-Action=org.freedesktop.packagekit.*
-ResultAny=auth_admin
-ResultInactive=auth_admin
-ResultActive=auth_admin
- </screen>
- </para>
- <para>
- It is important to note that, as of this writing, there is
- some discussion as to whether this feature may be
- reverted. There is also a question about whether the
- above fix works for all users. This document will be
- updated as new information becomes available.
- </para>
- <para>
- Those that want to follow the detailed discussion can
- refer to <ulink type="http"
- url="https://bugzilla.redhat.com/show_bug.cgi?id=534047"
- />. Be advised that most of those commenting are
- developers and frequently have software and understanding
- beyond ordinary users.
- </para>
- </section>
<section id="sect-Release_Notes-Security-Lower_process_capabilities">
<title>Lower process capabilities</title>
<para>
More information about the Fedora-docs-commits
mailing list