Fedora 12 Package Installation Policy Tightened

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

Never really thought this needed changing

[lnlypaladin]

See personally I never thought it would be in discussion whether to allow non-root users to install packages. In my opinion it's one of the great advantages of *nix systems as far as security goes. Even the distributions with the root user disabled to make it easier on a desktop user, like Ubuntu, still require use of the sudo command. It's one of the biggest reasons certain worms and drive by download techniques which crippled Microsoft OS's never worked on *nix systems.

Re:Attitude

[ByOhTek]

Nonetheless, it's not a *horrible* concept, it was just a little too loose (as I've seen it described).

I think, as an option, and if the user was within a certain group (such as sudoers/wheel/whatever - changeable by the admin, and users who have administrative access), and only signed packages were affected (no change there), I wouldn't see an issue. At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".

Re:Attitude

[dejanc]

What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users. I feel the trust relationship is kinda broken ... but at least they finally came around and listened.

Fedora does this all the time (or at least, often enough for me to think it's all the time). Here is a couple of examples:

• Fedora Core 2 included the infamous 4k stack option enabled in Kernel, because of which NVIDIA drivers didn't work (and os drivers sucked). Users complained to no avail - Fedora's developers decided to introduce a feature they thought was good at cost of breaking many desktops. We had to recompile kernels.
• Fedora 9 introduced new GDM. This application was (and still is) crippled compared to the old one, but apparently a major rewrite was in order. The result was that configuration of many users (e.g. autologin, etc) was broken, that there was no configuration GUI that we were used to, usability was crippled for all systems that use remote login with many users, etc. But, new GDM was the future, so despite the breakage, Fedora's developers decided to push it.
• PulseAudio, anyone? But that's common for most distributions...

My point is: Fedora is a polygon for testing new technologies to be included in RHEL. Nothing more, nothing less. Perfect users for it are RHEL admins who want to get a preview of future releases, not casual desktop users.