One of the nice things about Linux is the ease of installing software from a central repository. Just type yum install package and you're done. Another nice thing - often touted as a big security advantage over other operating systems - is that you have to explicitly set the mode for a manually downloaded piece of software or script to +x before you can run it, i.e. you have to make it pretty damn clear that you want to install it. epiphany doesn't follow this. With epiphany, you click on a piece of software in rpm format, and up pops a box asking for the root password and you're done. Easy to use? Definitely. Secure? Not as secure as using a yum repo, or +x.
An RPM is not an executable file. It isn't running the RPM file, it's running an installation program. +x vs -x is irrelevant here. On top of that, you have to give the root password to even launch system-install-package. Finally, once you have done that, you still must explicitly click on "Apply" in order for the package to be installed. i.e. you have to make it pretty damn clear that you want to install it. I see no problem here.
(In reply to comment #1) > An RPM is not an executable file. It isn't running the RPM file, it's running > an installation program. +x vs -x is irrelevant here. I never said it was an executable file, I gave an example of how accidentally installing software or running a script was made more difficult. > On top of that, you have to give the root password to even launch > system-install-package. Well, you have to give the root password, but lots of things ask for passwords. This bug isn't meant to be for people who know that they're doing, this bug is for people that blindly enter passwords when prompted. > Finally, once you have done that, you still must explicitly click on "Apply" in > order for the package to be installed. i.e. you have to make it pretty damn > clear that you want to install it. Okay good point. The Apply button is warning enough. > I see no problem here. Okay.