On Wed, Feb 8, 2012 at 11:39 AM, Wolfgang Bornath <[email protected]> wrote: > 2012/2/8 Diego Bello <[email protected]>: >> On Wed, Feb 8, 2012 at 11:01 AM, Wolfgang Bornath >> <[email protected]> wrote: >>> 2012/2/8 Anne Wilson <[email protected]>: >>>> On Wednesday 08 February 2012 15:13:57 Anne Wilson wrote: >>>>> Yes, I have seen postings like "why do I have to use passwords" and >>>>> "why can I not log in KDE as root" more than once. Are these people >>>>> our target group? If so than - have fun! What strikes me is that you >>>>> of all people are advocating a loosening of security with no real >>>>> reason. >>>> >>>> I do not want to have to give the root password to members of my family >>>> that >>>> are, frankly, clueless on tech-matters. At the same time, I do want them >>>> to >>>> apply at least security updates. Being able to accept updates from a >>>> trusted >>>> source (direct from Mageia) with only their user password is the safest >>>> their >>>> systems can have. >>> >>> I understand the reasons. But you know as well as everybody else that >>> sometimes updates do not work as easy as they should. It could be >>> caused by a faulty mirror or by a glitch in a package (which should >>> not happen but "should not happen" implies "can happen") or whatever >>> other reason. Then your family members will wait for you anyway (in >>> the best case) without knowing what happened - while they could have >>> been happily working or entertaining themselves until you come and do >>> the updates. >>> >>> Apart from the understandable quest to make it easy on the unwashed >>> masses - it is still a security break - see what I have written about >>> the ability of xguest to do updates (while xguest was invented to >>> leave the system without garbage or damage at the end of his/her >>> session). >>> >>> -- >>> wobo >> >> A bad update will break your system no matter if you are root or not. > > That's actually a point in favor of the need for the root password - > if the system breaks: the user can not do anything at all - instead he > will have to go for a walk until root comes to fix the problem. So why > do you insist on letting poor user take that risk by default? > > -- > wobo
Because a simple update should not break the system. They should work all the time, just like printers or the Internet connection :p. Now, seriously talking, I have installed updates with my user all the time and never had a problem. This case is an exception and I don't thing of it as a bug, except for the feature that it can be done by a guest user. -- Diego Bello Carreño
