https://bugzilla.novell.com/show_bug.cgi?id=214956 ------- Comment #6 from alpha096@tpg.com.au 2006-10-30 20:09 MST ------- Please see cross refernce with bug 215619 which has the following commen and relivance Quote Please forgive me jumping in here, however bug indicated in #5 is in regard to installing clamAV originally in YAST as a root user. I don't see the issue, however I am first to admit I don't understand the rest of the issues in #5 above. More pointedly bug https://bugzilla.novell.com/show_bug.cgi?id=214956 calls for the complete re-assessment of the current online update and ZMD association. With version 10.1 when we moved to ZEN updater replaced SuSe watcher we introduced a massive number of issues, this now being one. There have been no less that 4 different version published online update. I have strong issue that a service runs freenly under root credentials, in-order to function, is available and accessible without the user needing to log in as root. ZEN updater neeeds serious re-evaluation as to its effectiveness/ its current issues and this new issue. I do not understand why we move from susewatcher to ZEN updater. certainly I understand it was portaled from the Novell ZEN desktop updater the was used in a Novell NetWare environment where the MS-Windows Client was already running Administrator permissions for Zen Desktop updater to function. To move an application such as ZEN updater to a Linux environment and subsequently for the desktop user to grant the application root authority just to function and leave the application open and running with permitted escalation of authority is flawed in a Linux environment. ZEN updaters functionality and now security issues needs strong re-evaluation to continue its use in the product Linux where the user can run normally under a least privileged account. Unquote -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.