Users howl as Fedora 12 gives root to unwashed masses
Now that an update has been announced for packagekit, will this update be applied to official ISOs or will users be expected to apply the update themselves or disable this behavior if they don't have the machine connected to the net?
On Fri, Nov 20, 2009 at 5:54 AM, susmit shannigrahi <firstname.lastname@example.org> wrote:
"Fedora users are revolting against a change introduced in the latest
version of the operating system that allows the installation of
thousands of software titles without an administrative password.
Critics say the move diminishes the security of machines running the
open-source OS by giving unprivileged users what amounts to
administrative control. That could allow lower-level employees to
install software that's not been approved by administrators, or worse,
to gain root access by installing an application with a known security
vulnerability and then intentionally exploiting it."
The site has posted this update at the top of the article.
"Updated: This story was updated about 11 hours after it was published
to reflect that Fedora developers have reversed course. Operating
system users once again will be required to enter a root password
before installing software packages."