I agree i call shenanigans on fedoras part
I don't buy the easy button excuse On 11/19/09, Xavi Garcia <[email protected]> wrote: > Hi, > > My point as admin., talking about HelpDesk, > > Lets say that I have created my image / kickstart file with the programs I > trust and I have tested myself, so everything works fine and I am sure that > my HelpDesk and secondline guys are properly trained to help the users. > > Now, one example is the email client, they can choose their own software > that can brake lots of things and Help Desk can't help them because they > can't be trained to support everything that comes from their repository, > unless we maintain a custom repository that will cost lots of money. > > From the admin./security point of view, now we do not have a standard > environment and the patch policy is broken because we can't test or > prioritize patches . > > The worst thing is that this 'feature' was undocumented. We could accept > that this setting is enabled by default, but we need a guide/recommendations > to harden our environment if we want to deploy FC12. Change the security > model and keep it secret is bad. > > They also say that Fedora is targeted to end users due its life cycle, but > many people is using Fedora for servers/desktops in the enterprise, like me. > > > Regards, > > Xavier Garcia > > > 2009/11/19 Michael Miller <[email protected]> > >> I think the idea is to provide the same type of control that you have >> with Active Directory and GPO software polices. Which are based on >> HASH values or Certificates rolled out by GPO. I don't think the >> developers where looking at it from the same view point of system >> administrators. Who most likely are going to be in a corporate >> environment. They want software (installs) to be easy for people >> switching over from Windows. >> >> I say that based on what one of the mission statements ( with a lot of >> paraphrasing on my part. ) from Fedora Project. I think if you where >> to role this out in a corporate environment this would work out really >> well. If one was to do it correctly and maintain their own software >> repositories. Which would decrease the number of help desk calls when >> a user needed some software installed to do there job. >> >> <Personal Opinion> >> I have the view point that if have a based image ( Stripped down OS ) >> you reduce security issues because you don't have Acrobat or Flash >> installed on 500 machines in your environment. You only have Acrobat >> or flash installed on the machines of the people who need to use that >> software. In a perfect world that would be 10 or 15 people. Which >> is a different line of thinking from most Microsoft shops where they >> want every machine to be exactly the same to reduce software >> conflicts. >> </Personal Opinion> >> >> Sorry for the rant. >> >> mmiller >> >> On Thu, Nov 19, 2009 at 1:57 AM, Xavier Garcia <[email protected]> >> wrote: >> > Hi guys, >> > >> > First, sorry for my broken english. >> > >> > >> > This is from Dailydave. Have a look at this bug report from RedHat >> (Fedora12). Hilarious! >> > >> > https://bugzilla.redhat.com/show_bug.cgi?id=534047 >> > >> > "Bug 534047 - All users get to install software on a machine they do >> > not >> have the root password to" >> > >> > All these years working to have a standard and controlled environment. >> Now all this is bs and everybody >> > should be able to install whatever they want in a desktop environment >> because the packages are signed and are trusted (secure). >> > >> > >> > "PackageKit allows you to install signed content from signed >> > repositories >> > without a password by default. It only asks you to authenticate if >> anything is >> > unsigned or the signatures are wrong. " >> > >> > Fail! >> > >> > Regards, >> > >> > Xavier Garcia >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> > >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > -- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
