On Thu, 01 Mar 2012 15:59:14 -0500, James Knott wrote:
Jim Henderson wrote:
I spent 15 years working in corporate IT environments as a systems engineer, with company sizes ranging from< 200 employees to> 250,000 employees.
Just because employees can be disciplined for violating IT policy doesn't mean (a) that they don't work around security measures put in place, or (b) that such discipline actually happens, even though it's a possibility.
So, your solution to a problem created by new openSUSE policy is for an employee to violate an employers policy, if they are able to? Maybe this is something that should be fixed at the source and make this sort of thing optional so that those who need it have it, but those who don't need it don't have it keeping them from doing their work.
Um, no, that's not at all what I said. Please try to avoid putting words in my mouth - I'm fully capable of speaking for myself. What I'm saying is that different people have different requirements based on what their use case is for the software. Some people need restrictive policies because they're in higher security environments. Some people need more relaxed policies because they're (a) not in a corporate environment, and/or (b) they have made a policy decision to not require such tight security. As is their right. I'm also saying that anyone who thinks that not knowing a root password is going to prevent people from elevating their privileges doesn't understand the requirements of physical security or how easy it is to elevate privileges when you have physical access to a system (regardless of what operating system you have). Saying "that's what corporate IT policies are for" is like saying "we have laws against theft, so now we never need to worry about people stealing things." I'm saying that to believe that is quite naive.
Anyone who agrees with the current policy of requiring root to enable WiFi connections is unbelievably clueless about the real world.
Not to put too fine a point on it, James, but this is complete nonsense. You're assuming that in the "real world" everyone has the exact same requirements for security. That is demonstrably not true. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org