an update - looks like they will be changing it back http://www.redhat.com/archives/fedora-devel-list/2009-November/msg01445.html
On Thu, Nov 19, 2009 at 7:58 PM, Tim Mugherini <[email protected]> wrote: > I agree > > i call shenanigans on fedoras part > > I don't buy the easy button excuse > > > > On 11/19/09, Xavi Garcia <[email protected]> wrote: >> Hi, >> >> My point as admin., talking about HelpDesk, >> >> Lets say that I have created my image / kickstart file with the programs I >> trust and I have tested myself, so everything works fine and I am sure that >> my HelpDesk and secondline guys are properly trained to help the users. >> >> Now, one example is the email client, they can choose their own software >> that can brake lots of things and Help Desk can't help them because they >> can't be trained to support everything that comes from their repository, >> unless we maintain a custom repository that will cost lots of money. >> >> From the admin./security point of view, now we do not have a standard >> environment and the patch policy is broken because we can't test or >> prioritize patches . >> >> The worst thing is that this 'feature' was undocumented. We could accept >> that this setting is enabled by default, but we need a guide/recommendations >> to harden our environment if we want to deploy FC12. Change the security >> model and keep it secret is bad. >> >> They also say that Fedora is targeted to end users due its life cycle, but >> many people is using Fedora for servers/desktops in the enterprise, like me. >> >> >> Regards, >> >> Xavier Garcia >> >> >> 2009/11/19 Michael Miller <[email protected]> >> >>> I think the idea is to provide the same type of control that you have >>> with Active Directory and GPO software polices. Which are based on >>> HASH values or Certificates rolled out by GPO. I don't think the >>> developers where looking at it from the same view point of system >>> administrators. Who most likely are going to be in a corporate >>> environment. They want software (installs) to be easy for people >>> switching over from Windows. >>> >>> I say that based on what one of the mission statements ( with a lot of >>> paraphrasing on my part. ) from Fedora Project. I think if you where >>> to role this out in a corporate environment this would work out really >>> well. If one was to do it correctly and maintain their own software >>> repositories. Which would decrease the number of help desk calls when >>> a user needed some software installed to do there job. >>> >>> <Personal Opinion> >>> I have the view point that if have a based image ( Stripped down OS ) >>> you reduce security issues because you don't have Acrobat or Flash >>> installed on 500 machines in your environment. You only have Acrobat >>> or flash installed on the machines of the people who need to use that >>> software. In a perfect world that would be 10 or 15 people. Which >>> is a different line of thinking from most Microsoft shops where they >>> want every machine to be exactly the same to reduce software >>> conflicts. >>> </Personal Opinion> >>> >>> Sorry for the rant. >>> >>> mmiller >>> >>> On Thu, Nov 19, 2009 at 1:57 AM, Xavier Garcia <[email protected]> >>> wrote: >>> > Hi guys, >>> > >>> > First, sorry for my broken english. >>> > >>> > >>> > This is from Dailydave. Have a look at this bug report from RedHat >>> (Fedora12). Hilarious! >>> > >>> > https://bugzilla.redhat.com/show_bug.cgi?id=534047 >>> > >>> > "Bug 534047 - All users get to install software on a machine they do >>> > not >>> have the root password to" >>> > >>> > All these years working to have a standard and controlled environment. >>> Now all this is bs and everybody >>> > should be able to install whatever they want in a desktop environment >>> because the packages are signed and are trusted (secure). >>> > >>> > >>> > "PackageKit allows you to install signed content from signed >>> > repositories >>> > without a password by default. It only asks you to authenticate if >>> anything is >>> > unsigned or the signatures are wrong. " >>> > >>> > Fail! >>> > >>> > Regards, >>> > >>> > Xavier Garcia >>> > _______________________________________________ >>> > Pauldotcom mailing list >>> > [email protected] >>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> > Main Web Site: http://pauldotcom.com >>> > >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> > > -- > Sent from my mobile device > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
