Re: Local users get to play root?

On Wed, 18 Nov 2009, Jeff Garzik wrote:

> On 11/18/2009 01:28 PM, Seth Vidal wrote:
>> I didn't say it did - I said it didn't make sense to have items like PK
>> on servers.
>
> Listen to yourself.
>
> The above is a blatant admission that it is REALLY EASY for existing users to upgrade themselves into a security nightmare.
>
> 	* F11 w/ PK: requires root
> 	* F12 w/ PK: does not require root
>
> And you don't see any problem with this?

You're talking to the wrong guy.

I don't maintain PK. I don't work on PK. I don't have anything to do with it, in fact.

And you should listen to yourself. I'm saying: You want to run secure servers, then you have to know what's on the system. Not just what pkg, but what the pkg does.

This is why I said: It doesn't make sense to have programs like packagekit which are targeted at end users on servers.


