On 06/24/2012 07:35 PM, Carlos E. R. wrote:
On 2012-06-25 03:47, j debert wrote:
On 06/24/2012 04:48 PM, Carlos E. R. wrote:
It is interesting that such things keep being installed quietly, with no notice, no opt-out and by default, with little or no information about them. There's not even a justification for this; it's just done. The least they could do is tell us why they think we want this, sh--erm, stuff.
That's why I'm worried. There is no information here, and very little information upstream. Smells bad, even if it is bona fides. Yes, I have the paranoid hat on tonight.
These things have to be carefully explained to avoid raising suspicions, including how to opt out.
Poor and misleading descriptions and manpages, sometimes completely wrong, if there's anything at all. And bringing up concerns gets little else but criticisms and useful RTFM comments.
Tracker is another current example. Apparently it's been improved to ignore users' config files. This new behaviour isn't in the manpages. I had set up its config so that it would not run at all but now that it ignores the config files, I've had to chmod a-x all its executables. That's not standard practice but since no user can control it any more, there's nothing else to do unless one wants to uninstall it and lots of other things as well, or break a bunch of other stuff.
Unfortunately, for zeitgeist, there are interdependencies: For example, libphonon depends on zeitgeist and several libs and apps depend on libphonon, such as gtkam. rpm -q --whatrequires is too half-fast to reveal such dependencies. Uninstalling zeitgeist requires removing several other libs and apps as well. I've run into this before when I tried to remove some useless nuisance and found a vast and complex interdependence with lots of critical system components and apps in use, which rpm did not report, that made its removal impossible. Why there has to be such a web of interdependencies is a mystery.
I think that perhaps the days of trusting Linux based systems and packages like OpenSuSE regarding privacy and security are going away. Safer not to trust them no matter how inconvenient it becomes.
Perhaps...
It's easy for problematic things to get themselves lost in the web of interdependencies and suspicious things become impossible to remove without breaking other likely important things. It's this complex interdependence that makes a system untrustworthy and its security wobbly at best. Complexity makes it easier to break things in ways that are not foreseen or even noticeable. Complexity also makes it easier to insert some malware or apply a malicious delta patch somewhere it won't be noticed and makes it harder to find and remove.
It would appear that KISS has left the building. And the country. Probably the planet as well.
Perhaps it would be useful to replace existing unwanted apps and libs with versions that have the unwanted "features" stripped out so as to preserve the web of interdependencies as much as possible.
jd