fedora-list Digest, Vol 59, Issue 209

R. G. Newbury newbury at mandamus.org
Sun Jan 25 03:03:07 UTC 2009 

Subject: Re: Package Manager Denies Permission to Install
To: "Community assistance, encouragement,	and advice for using
	Fedora." <fedora-list at redhat.com>
Message-ID: <1232745649.5954.36.camel at cyrus>
Content-Type: text/plain

On Fri, 2009-01-23 at 12:10 -0500, R. G. Newbury wrote:
 > > Jeff Spaleta <jspaleta at gmail.com> wrote:
 > >  > > Kevin Kofler <kevin.kofler at chello.at> wrote:
 > >  > > But PolicyKit does not work in a root session:
 > >  > > https://bugzilla.redhat.com/show_bug.cgi?id=447266
 > >
 > >  > Hmm...this is probably worthy of some nuanced and masterfully
 > >  > persuasive oratory as to where to strike the balance between 
designing
 > >  > for expected use cases and designing a system with flexibility to
 > >  > accomedate local needs even when those use cases are not considered
 > >  > best practises.  .
 > >
 > > No nuanced and masterfully persuasive oratory can disguise the fact 
that
 > >    someone has made *and enforced* a decision that *they know better
 > > than the user* how "THINGS MUST BE DONE" purely because the doing, is
 > > considered to be 'not best practice'.
 > >
 > > In this particular case, the 'best practice' enforcement approaches
 > > religious fervour in its application. In the particular instance which
 > > started this thread, PolicyKit nags about being root, and then 
*refuses*
 > > to allow the installation of an rpm! It does not deny the right to
 > > download and install the rpm in a console....It just denies the 
user the
 > > advantages of using PackageManager to resolve dependenices directly.
 > >
 > > And *exactly* what nuanced extra is added to the equation, by forcing
 > > the administrator to log out of root, to log in as a user, to do the
 > > same thing? Especially in a circumstance where the install is actually
 > > desired to be general and not user-local? This position is idiocy.
 > >
 > > I don't mind a nag. I DO mind unknown and unaccountable people
 > > attempting to enforce their quasi-religious beliefs on me (by
 > > quasi-religious, I mean the attitude which equates doing anything 
while
 > > root is akin to giving booze and car-keys to seventeen year old boys:
 > > instantly and always catastrophically dangerous.) I know using root 
can
 > > increase the probability of disaster. But I want to be able to decide
 > > what the limits of my risk tolerance are, not have someone else do it.
 > >
 > > That argument, the libertarian argumnent is one of the underlying 
bases
 > > of the free software movement. Let's have it recognized and 
venerated in
 > > the code!
 > >
 > > Geoff
 >My memory is that the designer of PackageManager indicated on the list
 >that running PackageManager as root has security problems that running
 >it as a user and entering the root password does not have. I believed
 >him. Your objection is that it makes you log as a user rather than as
 >root.

No particular instances of 'security problems' were actually indicated, 
so we are left with usual position, that an exploit or breach of a user 
account will do 'less' damage than a breach of a root account. Firstly 
this is based on the unstated assumption that the exploit cannot  be 
escalated. And secondly, this is based on the unstated assumption that 
PackageManager has security problems. If so, it does not actually matter 
  what user runs the program: any exploit could be easily escalated by 
using PackageManager to install a rootkit...

My objection is that he has arrogated to himself the power to determine 
how I can operate my computer. So not all of the "free"'s apply to this 
software.

 >I believe in the theory that "freedom" derives from the words free doom
indicating that everyone has a right to commit suicide in his (or her)
own way. I strongly support your committing suicide in any way you
desire.

Not quite the real etymology of 'freedom' but if you strongly support my 
desires I hope you will join me in castigating the designer of 
PackageManager.
Geoff


-- 
         Please let me know if anything I say offends you.
          I may wish to offend you again in the future.

          Tux says: "Be regular. Eat cron flakes."

More information about the fedora-list mailing list