PackageKit policy: background and plans
Krzysztof Halasa
khc at pm.waw.pl
Mon Nov 23 21:40:40 UTC 2009
Gregory Maxwell <gmaxwell at gmail.com> writes:
> There are many kinds of security threat out there. For example, a few
> dishonest people within the fedora project could conspire to backdoor
> the heck out of Fedora with a reasonable chance of not getting caught.
> Does this fact mean that we should not bother with signing packages or
> other security measures?
I didn't suggest anything like that, did I?
> Surely this would be preferable to reducing the security against
> common casual threats.
I'm not talking about reducing security. su and sudo are already suid root
(on most systems at least, especially su). Yes, this is, or at least may
be, a security risk. An admin entering root's password in an insecure session
to install software is another security risk. That obviously doesn't
mean I want non-root users to install system software at will.
I just say that when it comes to entering the root password (and/or
installing system software), it should be done in a secure manner,
preferably not from within a user X session (unless the risk = the fact
of user = root equivalency is explicitly and specifically understood
and accepted).
--
Krzysztof Halasa