Re: [opensuse] Should openSUSE review it's Security Policies?



On Wed, Feb 29, 2012 at 01:34:14PM -0800, John Andersen wrote:
On 2/29/2012 1:14 PM, Marcus Meissner wrote:
On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:
As many are aware, Linus Torvalds has started a rant about the
security policies in openSUSE for things that require the root
password. From his Google+
post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
he names these:

Time Zone changes
Adding a Printer
Adding a wireless network.

Now, I don't usually see the wireless issue because KNetworkmanager in
KDE3(which I use) has never asked the root password for adding a new
network.

While at 37, I've never changed timezones(I lead a boring life) I
would have to agree that having to use the root password for this
would be annoying if I needed to change it because of a flight or
something.

I've worked with Linus on a hardware issue years ago, and I think we
should probably at least consider reviewing the policies if they do
need changed.

He should stop asking us to commit suicide first.

Ciao, Marcus

I think the entire point here is that the multi-user security model is not
a good
fit for a single user device like a laptop.

For single user devices, permissions should really focus on preventing
the user from destroying the system or letting it be compromised by others,
but in
other ways, allow them to do typical administrative tasks like add
printers, wifi
networks, removable storage, etc.

I don't think you can dismiss Torvalds with a one-liner and come off looking
anything but petty.

read my other mail.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx