Page 1 of 1

More crazy stuff from Ubuntu - what will Mint do?

Posted: Thu Nov 10, 2011 1:39 pm
by Gremuchnik
Hi,

I just came across this: https://wiki.ubuntu.com/SecurityTeam/FA ... ty_updates

This basically means that Ubuntu users will now have updates, shall we say, semi-automated by default. Yes, they still will have to press "install" but, no, no more sudo group password entry. I personally run Xubuntu on one of my boxes, that is how I discovered this "feature", so I suppose this also affects all the other *buntu derivatives.

Considering that for years Ubuntu users have been trained for years to focus their attention to what they were doing when entering either sudo or a password, that kind of semi-automatisation is, IMHO, very detrimental to the security of the computers and to the education of the users who might mistakenly consider that an upgrade is a rather trivial operation.

Since Mint main edition is still based on Ubuntu, is it known whether Mint will also follow this new model (I sure hope that it does not!)?

Thanks,

G.

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Thu Nov 10, 2011 2:38 pm
by viking777
Hmm. For once I actually agree with the people in Ubuntu. That doesn't happen often.

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Thu Nov 10, 2011 7:12 pm
by andrewmac
People that did dutifully apply updates became conditioned to enter their privileged password perhaps daily. When the user is prompted for the password, it should mean something and the frequency of update-manager updates meant that some people no longer thought about why they were entering their password. For these users, the password prompt had the potential to reduce security.

I didn't really agree until I read that. It's a pretty solid point.

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Sun Nov 13, 2011 1:15 pm
by JordanV0712
I read it over and it seems reasonable to me. You still need the password for downloading additional software, but updates to the software you have already installed doesn't need a password.

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Sun Nov 13, 2011 3:24 pm
by Gremuchnik
LOL, looks like I in the minority here. Maybe its my Debian background, go figure ;-)

anyway, thanks for the replies, though it would have been nice to know whether Mint will adopt this (seemingly popular) method.

Cheers everybody!

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Sun Nov 13, 2011 5:24 pm
by DrHu
the frequency of update-manager updates meant that some people no longer thought about why they were entering their password. For these users, the password prompt had the potential to reduce security.
..had the potential to reduce security
Oh really, so potential reality is now reality..
See what I mean, dummies at the switch (according to some..)

For Linux users, they no doubt prefer to manage their own updating methods, and would not like the vendor making the choices for them

But, as Ubuntu indicates this is security by default
--they can't trust (their) users to make the correct choice, and like Windows and Apple, just have to assume there is a dummy at the switch and we (knowing best) just have to help them..

Whatever they do, I hope I can alter the options ; prevent timed auto updating for example or none for no auto updating, or maybe I'll just have to live with their approach if it becomes endemic to that desktop user with an easy to use Linux style and available for anyone.

Re: More crazy stuff from Ubuntu - what will Mint do?

Posted: Sat Nov 19, 2011 11:45 am
by Anakinholland
DrHu wrote:..had the potential to reduce security
Oh really, so potential reality is now reality..
Yes, but I think it is a calculated risk. I can follow the train of thought in the article and can agree to some extend. By doing this, they reduce the amount of times you get confronted with the password-box for (to most users) futile stuff, therefor creating less chance of ignoring the issue when it matters.

Take Windows-installers as the perfect example. People need to click so many times, they become oblivious to the fact and just go Next, Next, Next, Next, Finish, after which they come princess that they now have 2 extra search-bars in their Internet Explorer and their home-page has been replaced.
DrHu wrote:Whatever they do, I hope I can alter the options ; prevent timed auto updating for example or none for no auto updating, or maybe I'll just have to live with their approach if it becomes endemic to that desktop user with an easy to use Linux style and available for anyone.
That is already present :)

From the same page:
For environments where this change is deemed not appropriate, this functionality can be disabled by the administrator via PolicyKit or by creating users that are not in the admin group (a recommended practice to begin with).
Regards,

Anakin