Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Fedora 12 updates package installation policy

From the 'Error Correction' files:

The public milestone release of Fedora 12 this week had one big flaw in it that is now set to be corrected.

One key standard practice on nearly every Linux system I have ever seen or used is the separation of root and user roles. New software that affects an entire system can typically be installed only by the root user. That behavior was modified with the Fedora 12 release such that a local user could install signed applications without root authorization.

Now Fedora is reversing that policy.

"After more discussion and thought, though, the package maintainers have posted to the fedora-devel-list mailing list agreeing to provide an update to Fedora 12's PackageKit," Fedora Project Leader Paul Frields wrote. "The update will require local console users to enter the root password to install new software packages."

Makes sense to me. What doesn't make sense is why the new policy was put into Fedora 12 in the first place.

Fedora developer Owen Taylor, though, has put together a lengthy post about the developer rationale for the initial policy change, and I can kinda/sorta see why at first it might have made sense for some people (but not all).

"In Fedora 9, 10, and 11, the first time a user tried to install a package from the Fedora repositories, they would be prompted for a root password, with a checkbox to remember that permission for the future. (Before Fedora 9, you had to enter the root password every time.)," Taylor wrote.

The problem with that system is that it's not usually a good idea to automatically remember the root permission password. So what Fedora developers wanted to do instead was to rework the permission setup such that users would be assigned roles based on what they need to do with a system and the type of system in use.

"The idea was that the change in PolicyKit would be accompanied by a default set of roles, and a nice user interface for assigning users to roles," Taylor wrote. "Unfortunately, with the constraints of time, it became clear that this all (and especially the GUI) wasn't going to be there for Fedora 12. So, PackageKit needed a fixed policy for all users."

The fixed policy that Fedora went with was to allow all users to install signed packages from the Fedora repositories.
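
For readers who want to check what such a fixed policy looks like on disk, here is an added example (not from the original post or from Fedora) that audits the implicit-authorization defaults in a polkit `.policy` XML document. The sample policy is constructed: its `allow_active` value of `yes` models the no-password install described above, and the two `org.example.*` action ids are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy layout (not Fedora's shipped file).
# The two org.example.* action ids are hypothetical.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.packagekit.package-install">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.hypothetical.remove">
    <defaults><allow_active>auth_admin_keep</allow_active></defaults>
  </action>
  <action id="org.example.hypothetical.update">
    <defaults><allow_active>auth_admin</allow_active></defaults>
  </action>
</policyconfig>"""

# Grade given to each implicit-authorization value by this audit.
GRADES = {
    "yes": "no-auth",             # allowed with no password at all
    "auth_self": "user-auth",     # the user's own password suffices
    "auth_self_keep": "user-auth",
    "auth_admin_keep": "cached",  # admin password, then retained for a while
    "auth_admin": "ok",           # admin password on every request
    "no": "ok",                   # never granted implicitly
}
SUBJECTS = ("allow_any", "allow_inactive", "allow_active")

def audit_policy(xml_text):
    """Return (action_id, subject, value, grade) for each default not graded 'ok'."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        for subject in SUBJECTS:
            node = action.find("defaults/" + subject)
            if node is None:      # element absent: nothing to grade here
                continue
            value = (node.text or "").strip()
            grade = GRADES.get(value, "unknown")
            if grade != "ok":
                findings.append((action.get("id"), subject, value, grade))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print("%-48s %-15s %-16s %s" % finding)
```

On a real system the same function can be fed the contents of an installed `.policy` file; local administrator overrides are configured separately and are not covered by this check.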

In my own personal case, I'm running Fedora 12 on a single-user system so this is something that works for me. Yeah, I know, we should have a separation of root and user. But really all that means is just entering SUDO/pswrd, doesn't it? Since the only allowed packages that non-root could install were signed packages from the Fedora repository, what is the risk?

In any event, Fedora 12 is now going back to its historical behavior, so no harm done.

Fedora listens to its community and it responds quickly. Unlike a proprietary software vendor where you'd wait weeks for such a patch, Fedora users get their changes extremely rapidly.
