Web lists-archives.com

Re: 'synaptic' removed from buster




On Fri, Apr 05, 2019 at 08:43:32AM +0100, mick crane wrote:
> On 2019-04-05 07:46, tomas@xxxxxxxxxx wrote:
> >On Fri, Apr 05, 2019 at 07:37:05AM +0100, mick crane wrote:
> >
> >[...]
> >
> >>Making you be root to download stuff off the internet never seemed
> >>like a good idea.
> >
> >And letting "you" (not root) install things in system directories
> >(/usr/bin et al) seems to be as bad an idea [...]

[...]

> what's the issue with
> seeing what's available as you,
> checking what you need as root,
> downloading as you,
> install as root.

Imagine some random javascript (running as you, the "normal" user
starts doing system things (browser sandboxing? nah!). At this point
I'd hope I get asked for my password, to get a chance to stop the
whole shenanigan. But that's just me...

Cheers
-- t

Attachment: signature.asc
Description: Digital signature