[email protected]
[Top] [All Lists]

Re: Local users get to play root?

Subject: Re: Local users get to play root?
From: Adam Williamson
Date: Wed, 18 Nov 2009 15:00:52 -0800
On Wed, 2009-11-18 at 17:54 -0500, Eric Christensen wrote:

> > I do not see how that's relevant, frankly. For it to be relevant it
> > would have to be true to state that, if you need root privileges to
> > install signed packages, it's absolutely no problem if a signed package
> > is evil. Obviously, that's not at all true. An evil 'trusted' package
> > would be a Very Bad Thing in any case. Whether you need to be root to
> > install a trusted package or not is entirely orthogonal, as far as I can
> > see.
> I'd like to point out that there are trusted packages that I wouldn't
> want my users downloading.  John is a good example but there are others.
> Anyone requested that CVE yet?

That's a different point, and specifically _not_ the point I was
addressing. You don't need to point it out as it's already been pointed
out about five times earlier in the thread. :)

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org

fedora-devel-list mailing list
[email protected]

<Prev in Thread] Current Thread [Next in Thread>