On Tue, 2012-05-22 at 21:40 +0800, Marguerite Su wrote:
Hi, Andreas,
personally I think we'd better separate standard Linux server environment from single-user home desktop environment. they're totally different....and desktop users are growing in recent years in our forums(openSUSE is almost the only usable distro for home use)
I think this is easier said than done. While we have evidence that there are a lot of single-user desktop machines, it is less clear how many of them still use server functionality in the background. And a number of people *do* do this for testing purposes, or a makeshift home server, etc. So the challenge, if we wanted to address different usages, would be to create security levels for 1) Servers, 2) Mixed Server/Desktop and 3) Desktop for Single users (I guess a 4th one for multi-user desktop.)
eg: I would like YaST2 never ask me root password to install software, since it's my laptop and no one else can use it...but it'll surely be banned in a security expert's eyes, and I don't know how to adjust it for myself
I agree that some basic functionalities shouldn't require passwords. Obvious are adding wifi networks or printer connections. However, I still greatly appreciate requiring a password even on my own machine for software installations. If anything, it becomes a gentle reminder to me that I must exercise my abilities with caution. Also, unpassworded-software installation, in my opinion, exposes us to greater risks. Some malware out there can do a background installation without your awareness, and without password protection, we've made it much easier for those miscreants. The moment we remove this level of protection, we increase the invitation for malware creators to target openSUSE installations.
(no flame war like Linus did, of course I defend and vote for openSUSE, but one comment in it is good for me: it's easier for security persons to enable it than grandma to disable it)
This poses another question. Did grandma install openSUSE herself or did someone else do it for her? Both scenarios have different security implications. (Think in terms of "a little knowledge can be a dangerous thing.") :-) Bryen M Yunashko
so mix them up may generate no balanced results and may trigger another flame war in our forums...
I hope we may/can have a package called polkit-default-home-use or something to fulfill that kind of needs....of course too hurry for 12.2, may be later
Greetings
Marguerite
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org