created: 2009 11 21
updated: 2009 11 21

Fedora's gaffe on package installation policy.

We endorse and use Linux Fedora (and will continue to do so), but we are completely astounded by the new package installation policy adopted in the latest release.

[...] Non-privileged users may install software. In Fedora 12, a local user may install signed packages without authentication. This is a change from Fedora 11. [...]
Local users may install trusted packages
[...] It is important to note that, as of this writing, there is some discussion as to whether this feature may be reverted. [...]
Our position about this problem is clear: immediately turn off this new default.
It should be obvious.

[...] This is outrageous. In more than a decade of using and administering Linux systems, this is by far the worst decision I have ever encountered. # [...]

[...] letting users change files they are not allowed to change trashes the whole permissions-groups philosophy. # [...]

[...] I am worried about users being able install services which we do not want running on the network. Many of them are automatically enabled on install. Things like telnet and ftp are easily abused. # [...]

[...] I think the biggest issue we have is that such a change was able to be snuck in without any discussion and not get noticed until after the release. # [...]

[...] Basically, this bug has brought Windows stupidity to Linux. # [...]

...But even new versions of Windows now use Linux's policy.
[...] Actually, Windows does require an Administrator's password to install software. # [...]

This kind of policy is/was the main cause of Windows' vulnerabilities; adopting it in a Linux distribution is simply insane!
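
To check whether a system ships the kind of default criticized above, an administrator can audit the privilege policy for actions that are granted with no authentication at all. The following is an added example, not code from Fedora or from this page. It assumes the policy is expressed in the polkit action-definition XML format, and the action ids and values in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit action-definition format. The action ids
# are hypothetical placeholders, not copied from a Fedora 12 system.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.packages.install-signed">
    <description>Install signed package</description>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.packages.install-unsigned">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
  <action id="org.example.packages.remove">
    <defaults>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Subject classes for which a default authorization can be declared.
SUBJECTS = ("allow_any", "allow_inactive", "allow_active")


def unauthenticated_actions(policy_xml):
    """Return {action_id: [subject classes whose default is 'yes']}."""
    findings = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        if defaults is None:
            continue  # no explicit defaults declared for this action
        open_subjects = [s for s in SUBJECTS
                         if (defaults.findtext(s) or "").strip() == "yes"]
        if open_subjects:
            findings[action.get("id")] = open_subjects
    return findings


if __name__ == "__main__":
    for action_id, subjects in unauthenticated_actions(SAMPLE_POLICY).items():
        print(f"{action_id}: no authentication required for {', '.join(subjects)}")
```

Any action reported here is one a local user can trigger without a password; changing its default to `auth_admin` restores the requirement for an administrator's credentials.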