Fedora firestorm and thoughts
Ed
plug at 0x1b.com
Thu Nov 19 12:32:52 MST 2009
On Thu, Nov 19, 2009 at 12:00 PM, Dazed_75 <lthielster at gmail.com> wrote:
> There seems to be a firestorm going on with regard to a change in the newly
> released Fedora 12.
>
> http://linux.slashdot.org/story/09/11/18/2039229/Fedora-12-Lets-Users-Install-Signed-Packages-Sans-Root-Privileges?art_pos=1
> https://bugzilla.redhat.com/show_bug.cgi?id=534047
>
> How much this has blown up from being "slashdotted" is not an issue IMHO.
> And I agree that it was a horrible decision to make that change be the
> default. I do hope they revert it. My belief is that if they wanted such a
> change it is important enough they should have retained the old behavior and
> made an option to implement the new only by someone having root privileges
> and proving it.
>
> But the real reason for this post is that I have noticed what might be a
> trend in recent releases. It feels like a trend to me and I find that
> bothersome. The trend I am talking about is for new releases to change
> defaults and content in ways that so many reviews and tips are focussed on
> how to revert the "improvements" to the prior art.
>
> For example, there are many positive reviews for Karmic Koala (ubuntu 9.10)
> along with the usual problem reports. But it seems that many of the problem
> solutions and tips being published are how to "fix" Karmic back to the way
> ubuntu used to work. Now this thing with Fedora 12. I get concerned when
> it seems like we risk our advantages of better security and stability. I'm
> all for ease of use and innovation but I wonder if some changes are going
> too far and too fast.
>
> I have also noted that many changes are made to make things easier for new
> users (a good thing) but along the Microsoft model of assuming users must be
> stupid ... errr .... don't need/want to know. Is that bothering anyone
> else?
>
> --
> Dazed_75 a.k.a. Larry
>
> The spirit of resistance to government is so valuable on certain occasions,
> that I wish it always to be kept alive.
> - Thomas Jefferson
>
Fedora has apparently gone for the "Drop Trow" level of security -
the fix everyone is going to need is here:
http://skvidal.wordpress.com/2009/11/18/polkit-and-package-kit-and-changing-settings/
the bug is here:
https://bugzilla.redhat.com/show_bug.cgi?id=534047
the quote:
"you are now vulnerable to local root exploits not only in packages you
installed, but also in packages you chose not to install."
there does seam to be an effort to "dumb down" or "Up the Stupid" in
many FOSS projects/distros. Is it just me, or do these problems crop
up right after the developers try for a "long term vision"? should
open source avoid the "vision thing"?
Ed - when the path becomes a road, fork it. ;)
More information about the PLUG-discuss
mailing list