[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



Adam Williamson <awilliam redhat com> writes:

> I do not see how that's relevant, frankly. For it to be relevant it
> would have to be true to state that, if you need root privileges to
> install signed packages, it's absolutely no problem if a signed package
> is evil. Obviously, that's not at all true. An evil 'trusted' package
> would be a Very Bad Thing in any case. Whether you need to be root to
> install a trusted package or not is entirely orthogonal, as far as I can
> see.

Really? You are talking about changing "the local administrator trusts
*this* package" to "the local administrator trusts whoever has the
signing key for Fedora to decide which packages should be installed".

-- 
Arnaud


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]