Mailinglist Archive: opensuse (1483 mails)

< Previous Next >
Re: [opensuse] Should openSUSE review it's Security Policies?
  • From: Steven Hess <flamebait@xxxxxxxxx>
  • Date: Wed, 29 Feb 2012 13:53:03 -0800
  • Message-id: <CAF=LnE5sQp+V29dFcoQLbvn1A=DtJJwEgZSDkoRbg=obxtbeZA@mail.gmail.com>
On Wed, Feb 29, 2012 at 1:44 PM, Marcus Meissner <meissner@xxxxxxx> wrote:

On Wed, Feb 29, 2012 at 01:34:14PM -0800, John Andersen wrote:
On 2/29/2012 1:14 PM, Marcus Meissner wrote:
On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:
As many are aware, Linus Torvalds has started a rant about the
security policies in openSUSE for things that require the root
password.  From his Google+
post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
he names these:

Time Zone changes
Adding a Printer
Adding a wireless network.

Now, I don't usually see the wireless issue because KNetworkmanager in
KDE3(which I use) has never asked the root password for adding a new
network.

While at 37, I've never changed timezones(I lead a boring life) I
would have to agree that having to use the root password for this
would be annoying if I needed to change it because of a flight or
something.

I've worked with Linus on a hardware issue years ago, and I think we
should probably at least consider reviewing the policies if they do
need changed.

He should stop asking us to commit suicide first.

Ciao, Marcus

I think the entire point here is that the multi-user security model is
not
a good
fit for a single user device like a laptop.

For single user devices, permissions should really focus on preventing
the user from destroying the system or letting it be compromised by
others,
but in
other ways, allow them to do typical administrative tasks like add
printers, wifi
networks, removable storage, etc.

I don't think you can dismiss Torvalds with a one-liner and come off
looking
anything but petty.

read my other mail.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx


You are going to have many opinions on the level of security different
systems need to have.
Some are going to be very firm against any changes at all.

All security should be able to be configured directly from YAST.
The man-power may not be there to implement it in a complete form though.
A user or administrator should be able to set the level of permissions
once and forget it.

Steven
--
____________
Steven L Hess ARS KC6KGE DM05gd22
Skype user flamebait Cell 661 487 0357 (Facetime)
Google Voice 661 769 6201
openSUSE  Linux 12.1
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >