Fedora firestorm and thoughts

Bob Elzer bob.elzer at gmail.com
Fri Nov 20 10:23:28 MST 2009


I don't think he did this to harm anyone, I just think he didn't fully
think things out. I know I think, I think things out fully, only to find
out I missed something sometimes (say that three times fast).
 
At least with Fedora, there is a fix that puts it back to the way users
want.
 
Unlike some other operating system that's patched on Tuesdays, and you are
stuck with the way they want it to be.
 

  _____  

From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Dazed_75
Sent: Thursday, November 19, 2009 7:22 PM
To: phrkonaleash at gmail.com; Main PLUG discussion list
Subject: Re: Fedora firestorm and thoughts




On Thu, Nov 19, 2009 at 6:52 PM, Ryan Rix <phrkonaleash at gmail.com> wrote:


Dazed_75 wrote:
> There seems to be a firestorm going on with regard to a change in the
> newly released Fedora 12.
>
> http://linux.slashdot.org/story/09/11/18/2039229/Fedora-12-Lets-Users-Install-Signed-Packages-Sans-Root-Privileges?art_pos=1
> https://bugzilla.redhat.com/show_bug.cgi?id=534047
>
> How much this has blown up from being "slashdotted" is not an issue IMHO.
> And I agree that it was a horrible decision to make that change be the
> default.  I do hope they revert it.  My belief is that if they wanted such
> a change it is important enough they should have retained the old behavior
> and made an option to implement the new only by someone having root
> privileges and proving it.
>
> But the real reason for this post is that I have noticed what might be a
> trend in recent releases.  It feels like a trend to me and I find that
> bothersome.  The trend I am talking about is for new releases to change
> defaults and content in ways that so many reviews and tips are focussed on
> how to revert the "improvements" to the prior art.
>
> For example, there are many positive reviews for Karmic Koala (Ubuntu 9.10)
> along with the usual problem reports.  But it seems that many of the
> problem solutions and tips being published are how to "fix" Karmic back to
> the way Ubuntu used to work.  Now this thing with Fedora 12.  I get concerned when
> it seems like we risk our advantages of better security and stability.
> I'm all for ease of use and innovation but I wonder if some changes are
> going too far and too fast.
>
> I have also noted that many changes are made to make things easier for new
> users (a good thing) but along the Microsoft model of assuming users must be
> stupid ... errr .... don't need/want to know.  Is that bothering anyone else?
>


This was never a decision discussed by the Fedora project as a whole. It was
never a decision that anyone besides Richard Hughes chose to implement[1],
and refused to revert when all this exploded.

This is not a security issue, or an issue of Fedora dumbing itself down for
its users. It's a matter of communication, or lack thereof:

1) This should have been discussed beforehand, either in a Fedora Release
Engineering meeting, or in the fedora-devel mailing list.
2) If it was chosen to be implemented by default it should have been in the
release notes along with explicit details on how to disable this.

Neither of these things happened, and we (Fedora's developers and
contributors) are already working to revert this and make sure things like
this don't happen in the future.

[1] Hughes felt that PackageKit was something to be used by Desktop systems
only not server/multiuser systems, and 99% of desktop systems run only one
or two users, all trusted with root access already. It was a convenience
addition for Desktop users.
Also, this policy was only enabled for LOCAL users running on a LOCAL
terminal installing packages from the trusted Fedora repos. If you look at
it this way, you have physical access to the box, you basically own it
already.



Sorry, but I don't see that excuses anything.  It means that that user/owner
now does not necessarily even know whether he is installing system level
components.  He no longer needs to know there may be impact to even that one
other user which might even be his own other login.

I know you are only explaining what reasoning he used and you don't condone
him doing it without approval.  I am just saying even his own reasoning is
flawed.  Plus which he did nothing to limit the impact of his decision to
the use case his reasoning supposedly refers to. 



--
Ryan Rix
Fedora KDE SIG Member, Phoenix AZ Ambassador, News KDE Beat Writer

Please refrain from mailing me directly in replies, I am subscribing
via GMane NNTP. Thank you.

http://hackersramblings.wordpress.com | http://identi.ca/phrkonaleash
XMPP: phrkonaleash at gmail.com          | MSN: phrkonaleash at yahoo.com
AIM:  phrkonaleash                    | Yahoo: phrkonaleash
IRC:  PhrkOnLsh at irc.freenode.net/#srcedit,#plugaz,#fedora-kde and
     countless other FOSS channels.



---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss





-- 
Dazed_75 a.k.a. Larry

The spirit of resistance to government is so valuable on certain occasions,
that I wish it always to be kept alive.
 - Thomas Jefferson
