Bug 213314 - Do not start system-install-packages when an rpm is downloaded
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: epiphany
Version: 6
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Christopher Aillon
Reported: 2006-10-31 14:30 EST by Need Real Name
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-31 15:11:18 EST
Description Need Real Name 2006-10-31 14:30:20 EST
One of the nice things about Linux is the ease of installing software from a
central repository. Just type
 yum install package
and you're done.

Another nice thing - often touted as a big security advantage over other
operating systems - is that you have to explicitly set the mode for a manually
downloaded piece of software or script to +x before you can run it, i.e. you
have to make it pretty damn clear that you want to install it.

epiphany doesn't follow this. With epiphany, you click on a piece of software in
rpm format, and up pops a box asking for the root password and you're done.

Easy to use? Definitely. Secure? Not as secure as using a yum repo, or +x.
Comment 1 Christopher Aillon 2006-10-31 15:11:18 EST
An RPM is not an executable file.  It isn't running the RPM file, it's running
an installation program.  +x vs -x is irrelevant here.

On top of that, you have to give the root password to even launch
system-install-package.

Finally, once you have done that, you still must explicitly click on "Apply" in
order for the package to be installed.  i.e. you have to make it pretty damn
clear that you want to install it.

I see no problem here.
Comment 2 Need Real Name 2006-10-31 16:13:44 EST
(In reply to comment #1)
> An RPM is not an executable file.  It isn't running the RPM file, it's running
> an installation program.  +x vs -x is irrelevant here.

I never said it was an executable file, I gave an example of how accidentally
installing software or running a script was made more difficult.

> On top of that, you have to give the root password to even launch
> system-install-package.

Well, you have to give the root password, but lots of things ask for passwords.
This bug isn't meant to be for people who know what they're doing, this bug is
for people that blindly enter passwords when prompted.

> Finally, once you have done that, you still must explicitly click on "Apply" in
> order for the package to be installed.  i.e. you have to make it pretty damn
> clear that you want to install it.

Okay good point. The Apply button is warning enough.

> I see no problem here.

Okay.
