Fedora 12 Package Installation Policy Tightened 172
AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."
Never really thought this needed changing (Score:5, Interesting)
Re:Attitude (Score:4, Interesting)
Nonetheless, it's not a *horrible* concept, it was just a little too loose (as I've seen it described).
I think, as an option, and if the user was within a certain group (such as sudoers/wheel/whatever - changeable by the admin, and users who have administrative access), and only signed packages were affected (no change there), I wouldn't see an issue. At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".
Re:Attitude (Score:3, Interesting)
What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users. I feel the trust relationship is kinda broken ... but at least they finally came around and listened.
Fedora does this all the time (or at least, often enough for me to think it's all the time). Here is a couple of examples:
My point is: Fedora is a polygon for testing new technologies to be included in RHEL. Nothing more, nothing less. Perfect users for it are RHEL admins who want to get a preview of future releases, not casual desktop users.