[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-usability
Subject:    Re: kdesu::slickness++
From:       Simon Perreault <nomis80 () nomis80 ! org>
Date:       2004-03-24 21:23:24
Message-ID: 4061FC4C.5000902 () nomis80 ! org
[Download RAW message or body]

Frans Englich wrote:
> Because I'm not fine with a "make it configurable"-compromise when a optimal 
> solution can be reached.

An optimal solution is more often than not a compromise.

> Why do people object? Because they find this a security concern. The user 
> does not know what the root password is used for.

Not necessarily. The only fact that a command is going to be run as root 
is enough for me to want to see it. I don't care if I know why it needs 
to be run. If it's going to be run as root, I want to see it.

This is not how a casual user feels though. They don't want to see it. 
They don't care if it's going to be run as root or not, they don't want 
to see it.

That's why we need a compromise. Some people want it, some don't. It 
needs not even be rationalized based on security. It's only about what 
people want from their desktop.

> The execution of kdesu from KControl(KCModuleProxy to be exact) will not fail, 
> and if it somehow have been modified by evil code that means the site have 
> already been compromised.

Some people don't care. They just want to see the command because it's 
going to be run as root. Don't reason them. Maybe they're right, maybe 
they're administrating big ass servers with thousands of users.

-- 
Simon Perreault <nomis80@nomis80.org> -- http://nomis80.org
_______________________________________________
kde-usability mailing list
kde-usability@kde.org
https://mail.kde.org/mailman/listinfo/kde-usability
[prev in list] [next in list] [prev in thread] [next in thread]