On Wed, 29 Feb 2012 14:40:13 -0500, Larry Stotler wrote:
As many are aware, Linus Torvalds has started a rant about the security policies in openSUSE for things that require the root password. From his Google+ post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5), he names these:
Time Zone changes Adding a Printer Adding a wireless network.
Now, I don't usually see the wireless issue because KNetworkmanager in KDE3(which I use) has never asked the root password for adding a new network.
While at 37, I've never changed timezones(I lead a boring life) I would have to agree that having to use the root password for this would be annoying if I needed to change it because of a flight or something.
I've worked with Linus on a hardware issue years ago, and I think we should probably at least consider reviewing the policies if they do need changed.
Just my 2 cents.
I would tend to agree, but at the same time, security is always a tradeoff between convenience and security. The underlying issue seems to me to be twofold: 1. The default policies are thought, by some, to be too restrictive. 2. PolicyKit (which seems to be what enforces these sorts of things) doesn't appear to me to be very well documented, nor is there a good tool for modifying the policy should one wish to go with a less restrictive setup. It seems like what might be reasonable here is to (a) better document PolicyKit, (b) provide a tool for managing the policies, and (c) provide different security profiles at installation time that let the user decide at that point how they want to balance security and convenience. We need to make this discussion less about Linus' comments (poorly stated, but valid observations) and more about how we balance the security policy/policies. But I also understand there is a discussion going on about this on the opensuse-security list - it may well be redundant to have a discussion here on the -user list as well. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org