Fedora firestorm and thoughts

Craig White craigwhite at azapple.com
Thu Nov 19 15:46:43 MST 2009


On Thu, 2009-11-19 at 12:32 -0700, Ed wrote:
> On Thu, Nov 19, 2009 at 12:00 PM, Dazed_75 <lthielster at gmail.com> wrote:
> > There seems to be a firestorm going on with regard to a change in the newly
> > released Fedora 12.
> >
> > http://linux.slashdot.org/story/09/11/18/2039229/Fedora-12-Lets-Users-Install-Signed-Packages-Sans-Root-Privileges?art_pos=1
> > https://bugzilla.redhat.com/show_bug.cgi?id=534047
> >
> > How much this has blown up from being "slashdotted" is not an issue IMHO.
> > And I agree that it was a horrible decision to make that change be the
> > default.  I do hope they revert it.  My belief is that if they wanted such a
> > change it is important enough they should have retained the old behavior and
> > made an option to implement the new only by someone having root privileges
> > and proving it.
> >
> > But the real reason for this post is that I have noticed what might be a
> > trend in recent releases.  It feels like a trend to me and I find that
> > bothersome.  The trend I am talking about is for new releases to change
> > defaults and content in ways that so many reviews and tips are focussed on
> > how to revert the "improvements" to the prior art.
> >
> > For example, there are many positive reviews for Karmic Koala (ubuntu 9.10)
> > along with the usual problem reports.  But it seems that many of the problem
> > solutions and tips being published are how to "fix" Karmic back to the way
> > ubuntu used to work.  Now this thing with Fedora 12.  I get concerned when
> > it seems like we risk our advantages of better security and stability.  I'm
> > all for ease of use and innovation but I wonder if some changes are going
> > too far and too fast.
> >
> > I have also noted that many changes are made to make things easier for new
> > users (a good thing) but along the Microsoft model of assuming users must be
> > stupid ... errr .... don't need/want to know.  Is that bothering anyone
> > else?
> >
> > --
> > Dazed_75 a.k.a. Larry
> >
> > The spirit of resistance to government is so valuable on certain occasions,
> > that I wish it always to be kept alive.
> >  - Thomas Jefferson
> >
> 
> Fedora has apparently gone for the "Drop Trow" level of security  -
> the fix everyone is going to need is here:
> 
> http://skvidal.wordpress.com/2009/11/18/polkit-and-package-kit-and-changing-settings/
> 
> the bug is here:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=534047
> 
> the quote:
> 
> "you are now vulnerable to local root exploits not only in packages you
> installed, but also in packages you chose not to install."
> 
> there does seem to be an effort to "dumb down" or "Up the Stupid" in
> many FOSS projects/distros. Is it just me, or do these problems crop
> up right after the developers try for a "long term vision"? should
> open source avoid the "vision thing"?
> 
> Ed - when the path becomes a road, fork it. ;)
----
I think this ultimately illustrates the best of Linux and open source.

Though I think that many have over-reacted, the truth is that
programmers & package maintainers make decisions all of the time and
often times, the impact of those decisions isn't clearly understood
sometimes until much later.

In this case, it's clear that the packager created a policy that is
viewed by many as the wrong choice and though he is vociferously
defending that decision, it seems pretty clear that he will be overruled
in tomorrow's 'Fresco' meeting and changes will come.

It's quite clear that there are not many who agree with the packaging
and default policy included with Fedora 12 and their voices were heard.

I think that this is the point of bleeding edge software...to dare to go
to the limits and sometimes they have to be reeled in.

Viva la Linux

Craig

