Yum and Yumex

Rick Stevens ricks at nerd.com
Thu Dec 4 19:31:42 UTC 2008 

Jerry Amundson wrote:
> On Thu, Dec 4, 2008 at 12:24 PM, Rick Stevens <ricks at nerd.com> wrote:
>> Jason L Tibbitts III wrote:
>>> Whenever I've had to get rid of extra installed packages I've just
>>> checked yum.log, but something more automatic might be useful to some.
>> I tend to concur, but I also think that you can't keep people from doing
>> stupid things, e.g. "# rm -rf /".
>>
>> "Once you make something idiot-proof, nature creates better idiots."
> 
> True, but we've shown here that, out of the box, Fedora is fairly
> close to having *some* idiot-proofness.
> One approach would be to:
> 1. Make yum-protect-packages mandatory in @core
> 2. include /etc/sysconfig/protected-packages.d/core.list in
> yum-protect-packages that contains @core listed.
> 
> As simple as that, even Joe Plumber has a protected Fedora install.
> For that matter, would not even Joe Linux-guru benefit? If needed, the
> latter could always "use the --override-protection command-line
> option."

I have no issue with it, but I think we're getting a bit wide of the
mark here.  I think the initiating issue here was someone doing a "-y"
on a remove of some multimedia thing and having it take things that the
user wasn't expecting with it.  It wasn't an "@core" thing--someone used
that as a somewhat specious example of gross stupidity.

In some respects, the ability to specify "-y" on things such as yum (or
fsck, for that matter) is essentially taking the training wheels off.
Don't do it unless you're prepared for the (potentially dire)
consequences.  It's up to you to wear the helmet.

> Hmm, too easy. I'm sure I've overlooked something.

Not really.  You're never going to come up with a perfect solution.  You
can't please everyone...look at the flap regarding GDM defaulting to not
permitting GUI root logins and how ticked people are at that, and I find
that to be a rather minor annoyance.  Perhaps we add a "intended
audience" option to the installer:

Novice Install: Install yum-protect-packages with reasonable lists,
block root GUI logins, disable "yum -y" and other (potentially
dangerous) automatic command line options, etc.  Full "training wheels,
hockey equipment and short bus" mode.  The fun part here is determining
which commands have dangerous options.  I know people who shouldn't be
allowed to turn on a computer...much less use one.

Standard Install: Essentially what we have now.

Advanced Install: No restrictions (permit GUI root logins, etc.)

Wow!  This idea may cause the maintainers NOTHING but headaches!  Sorry
I brought it up, guys!  Don't hit me!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-                Huked on foniks reely wurked for me!                -
----------------------------------------------------------------------

More information about the fedora-test-list mailing list