<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_11_20_1241231</id>
	<title>Fedora 12 Package Installation Policy Tightened</title>
	<author>kdawson</author>
	<datestamp>1258725120000</datestamp>
	<htmltext>AdamWill writes <i>"After the controversy over Fedora 12's controversial package installation authentication policy, including <a href="http://linux.slashdot.org/story/09/11/18/2039229/Fedora-12-Lets-Users-Install-Signed-Packages-Sans-Root-Privileges">our discussion</a> this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see <a href="https://www.redhat.com/archives/fedora-announce-list/2009-November/msg00012.html">the official announcement</a> and <a href="https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01445.html">the development mailing list post</a> for more details."</i></htmltext>
<tokenext>AdamWill writes " After the controversy over Fedora 12 's controversial package installation authentication policy , including our discussion this week , the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation .
Please see the official announcement and the development mailing list post for more details .
"</tokentext>
<sentencetext>AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation.
Please see the official announcement and the development mailing list post for more details.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008</id>
	<title>And the announcement got it wrong</title>
	<author>Antique Geekmeister</author>
	<datestamp>1258732200000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Notice that the announcement said:</p><p>&gt; The update will require local console users to enter the root password to install new software<br>packages.</p><p>This is, of course, wrong. Such local installations are normally done with "sudo", which does not require root passwords.</p><p>This is the sort of linguistic sloppiness that led to the shrieking by users. While such inconsistent behavior for the console versus logged in SSH users has no reasonable excuse and shouldn't have happened, the danger was much less than the early explanations led reasonable people like me to believe, because many of the discussions left out the "this only works from the console" part. And given that the new Fedora release is taking a bit of time to download, we hadn't had the chance to try this ourselves.</p></htmltext>
<tokenext>Notice that the announcement said : &gt; The update will require local console users to enter the root password to install new softwarepackages.This is , of course , wrong .
Such local installations are normally done with " sudo " , which does not require root passwords.This is the sort of linguistic sloppiness that led to the shrieking by users .
While such inconsistent behavior for the console versus logged in SSH users has no reasonable excuse and should n't have happened , the danger was much less than the early explanations led reasonable people like me to believe , because many of the discussions left out the " this only works from the console " part .
And given that the new Fedora release is taking a bit of time to download , we had n't had the chance to try this ourselves .</tokentext>
<sentencetext>Notice that the announcement said:&gt; The update will require local console users to enter the root password to install new softwarepackages.This is, of course, wrong.
Such local installations are normally done with "sudo", which does not require root passwords.This is the sort of linguistic sloppiness that led to the shrieking by users.
While such inconsistent behavior for the console versus logged in SSH users has no reasonable excuse and shouldn't have happened, the danger was much less than the early explanations led reasonable people like me to believe, because many of the discussions left out the "this only works from the console" part.
And given that the new Fedora release is taking a bit of time to download, we hadn't had the chance to try this ourselves.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30179776</id>
	<title>Not a Bad Idea</title>
	<author>Anonymous</author>
	<datestamp>1258721580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Personally, I get annoyed when I get prompted every time I need to make a minor change to my notebook. Why can't I even mount a directory without modifying fstab? Not to mention having to set special permissions so that my limited user can use the directory once it's mounted.</p><p>Linux needs a sensible privilege system. Most of us aren't in corporate high-security and uptime environments; give us a break.</p></htmltext>
<tokenext>Personally , I get annoyed when I get prompted every time I need to make a minor change to my notebook .
Why ca n't I even mount a directory without modifying fstab ?
Not to mention having to set special permissions so that my limited user can use the directory once it 's mounted.Linux needs a sensible privilege system .
Most of us are n't in corporate high-security and uptime environments ; give us a break .</tokentext>
<sentencetext>Personally, I get annoyed when I get prompted every time I need to make a minor change to my notebook.
Why can't I even mount a directory without modifying fstab?
Not to mention having to set special permissions so that my limited user can use the directory once it's mounted.Linux needs a sensible privilege system.
Most of us aren't in corporate high-security and uptime environments; give us a break.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171520</id>
	<title>Re:That was close...</title>
	<author>natet</author>
	<datestamp>1258734720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've found that developers make ridiculously poor system administration decisions.  Something that seems acceptable to set up on a development machine is not necessarily something you'd want to do on a production system.</htmltext>
<tokenext>I 've found that developers make ridiculously poor system administration decisions .
Something that seems acceptable to set up on a development machine is not necessarily something you 'd want to do on a production system .</tokentext>
<sentencetext>I've found that developers make ridiculously poor system administration decisions.
Something that seems acceptable to set up on a development machine is not necessarily something you'd want to do on a production system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170634</id>
	<title>Re:Attitude</title>
	<author>ByOhTek</author>
	<datestamp>1258730220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Nonetheless, it's not a *horrible* concept, it was just a little too loose (as I've seen it described).</p><p>I think, as an option, and if the user was within a certain group (such as sudoers/wheel/whatever - changeable by the admin, and users who have administrative access), and only signed packages were affected (no change there), I wouldn't see an issue. At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".</p></htmltext>
<tokenext>Nonetheless , it 's not a * horrible * concept , it was just a little too loose ( as I 've seen it described ) .I think , as an option , and if the user was within a certain group ( such as sudoers/wheel/whatever - changeable by the admin , and users who have administrative access ) , and only signed packages were affected ( no change there ) , I would n't see an issue .
At that point , it 's basically saying " do n't require a password for sudo when installing a package trusted by trusted authority 'xyz ' " .</tokentext>
<sentencetext>Nonetheless, it's not a *horrible* concept, it was just a little too loose (as I've seen it described).I think, as an option, and if the user was within a certain group (such as sudoers/wheel/whatever - changeable by the admin, and users who have administrative access), and only signed packages were affected (no change there), I wouldn't see an issue.
At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170680</id>
	<title>Overreacting</title>
	<author>Anonymous</author>
	<datestamp>1258730460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Allowing non-root users (by default, though I'm sure you could enforce your own policy) isn't nearly as heart-stopping as people are claiming.</p><p>This is definitely an overreacting community - what's the harm in SIGNED packages?  Oh, boohoo, my users can install vim, emacs or pico if I neglected to.  The horror!<br>Of course, there are some packages in repo that could be questionable (jtr?  kismet?  ettercap?) that definitely need to be considered.</p><p>At the end of the day, Fedora is still geared toward desktop use, so seriously...  how "dangerous" could this really be on privately maintained systems with few users?</p><p>Obviously a bad idea for RHEL, but I wholly think everyone is severely overreacting on its addition to Fedora.</p></htmltext>
<tokenext>Allowing non-root users ( by default , though I 'm sure you could enforce your own policy ) is n't nearly as heart-stopping as people are claiming.This is definitely an overreacting community - what 's the harm in SIGNED packages ?
Oh , boohoo , my users can install vim , emacs or pico if I neglected to .
The horror ! Of course , there are some packages in repo that could be questionable ( jtr ?
kismet ? ettercap ?
) that definitely need to be considered.At the end of the day , Fedora is still geared toward desktop use , so seriously... how " dangerous " could this really be on privately maintained systems with few users ? Obviously a bad idea for RHEL , but I wholly think everyone is severely overreacting on its addition to Fedora .</tokentext>
<sentencetext>Allowing non-root users (by default, though I'm sure you could enforce your own policy) isn't nearly as heart-stopping as people are claiming.This is definitely an overreacting community - what's the harm in SIGNED packages?
Oh, boohoo, my users can install vim, emacs or pico if I neglected to.
The horror!Of course, there are some packages in repo that could be questionable (jtr?
kismet?  ettercap?
) that definitely need to be considered.At the end of the day, Fedora is still geared toward desktop use, so seriously...  how "dangerous" could this really be on privately maintained systems with few users?Obviously a bad idea for RHEL, but I wholly think everyone is severely overreacting on its addition to Fedora.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171216</id>
	<title>Re:Never really thought this needed changing</title>
	<author>NoYob</author>
	<datestamp>1258733220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Non-root users can't install in Windows either. The problem is that most Windows users run their machines as admins; hence, all the virus problems folks have in the Windows World.</htmltext>
<tokenext>Non-root users ca n't install in Windows either .
The problem is that most Windows users run their machines as admins ; hence , all the virus problems folks have in the Windows World .</tokentext>
<sentencetext>Non-root users can't install in Windows either.
The problem is that most Windows users run their machines as admins; hence, all the virus problems folks have in the Windows World.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>jedidiah</author>
	<datestamp>1258730820000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>This is just nonsense, TOTAL NONSENSE.</p><p>Unix users have ALWAYS had the ability to install applications into their own home directory. Ok, so it (maybe) never occurred to the authors of Linux package managers to target the user's home directory. However, the fact remains that the ability/possibility has always been there. You simply don't need to pollute the system files in order to "install an app" on Unix. That is one of its key strengths.</p><p>This is why the Fedora guys got skewered.</p><p>Some of us have been "installing applications" in our home directories since before the first line of Linux was written.</p></htmltext>
<tokenext>This is just nonsense , TOTAL NONSENSE.Unix users have ALWAYS had the ability to install applications into their own home directory .
Ok , so it ( maybe ) never occurred to the authors of Linux package managers to target the user 's home directory .
However , the fact remains that the ability/possibility has always been there .
You simply do n't need to pollute the system files in order to " install an app " on Unix .
That is one of its key strengths.This is why the Fedora guys got skewered.Some of us have been " installing applications " in our home directories since before the first line of Linux was written .</tokentext>
<sentencetext>This is just nonsense, TOTAL NONSENSE.Unix users have ALWAYS had the ability to install applications into their own home directory.
Ok, so it (maybe) never occurred to the authors of Linux package managers to target the user's home directory.
However, the fact remains that the ability/possibility has always been there.
You simply don't need to pollute the system files in order to "install an app" on Unix.
That is one of its key strengths.This is why the Fedora guys got skewered.Some of us have been "installing applications" in our home directories since before the first line of Linux was written.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360</id>
	<title>Tempest in a teapot</title>
	<author>caseih</author>
	<datestamp>1258733940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How many Fedora installations actually have "users" and "admins?"  The line that you don't want your users installing software just doesn't hold any water.  Honestly if you have an "admin" and "users" you'll be wanting to harden the install anyway, and more than likely you will not want to use Fedora.  Instead you'd do CentOS 5 or Ubuntu LTS.  Most installs of Fedora are on single-user, home systems.  Even in a family situation, a parent will likely want to enable parental controls anyway, so creating a limited account for the kids and using policykit to lock down what they can run (no terminal, etc), is what one would do anyway.  So bringing up security in the context of "users"  is really a red herring here.</p><p>Even more ironically, most of the comments seem to indicate that sudo is a recommended solution!  Are you kidding?  How is that any better for admins and users?  If a user wants to do something that needs more privileges, you grant him carte blanche root access?  Even on OS X the access controls are this coarse.  If the user is "administrative" he has full root access.  The Fedora default made a lot of sense for home users but could easily be changed for other environments, though Fedora just doesn't belong in  most enterprises.</p><p>What Fedora probably needs to do (maybe they have) is introduce templates for use when creating users.  So you can easily create admin users, restricted users, etc.  Slashdot users seem to have no complaint about the fact that you absolutely do *not* need root on OS X to install software.  And even worse you can install software that's not cryptographically signed!</p></htmltext>
<tokenext>How many Fedora installations actually have " users " and " admins ?
" The line that you do n't want your users installing software just does n't hold any water .
Honestly if you have an " admin " and " users " you 'll be wanting to harden the install anyway , and more than likely you will not want to use Fedora .
Instead you 'd do CentOS 5 or Ubuntu LTS .
Most installs of Fedora are on single-user , home systems .
Even in a family situation , a parent will likely want to enable parental controls anyway , so creating a limited account for the kids and using policykit to lock down what they can run ( no terminal , etc ) , is what one would do anyway .
So bringing up security in the context of " users " is really a red herring here.Even more ironically , most of the comments seem to indicate that sudo is a recommended solution !
Are you kidding ?
How is that any better for admins and users ?
If a user wants to do something that needs more privileges , you grant him carte blanche root access ?
Even on OS X the access controls are this coarse .
If the user is " administrative " he has full root access .
The Fedora default made a lot of sense for home users but could easily be changed for other environments , though Fedora just does n't belong in most enterprises.What Fedora probably needs to do ( maybe they have ) is introduce templates for use when creating users .
So you can easily create admin users , restricted users , etc .
Slashdot users seem to have no complaint about the fact that you absolutely do * not * need root on OS X to install software .
And even worse you can install software that 's not cryptographically signed !</tokentext>
<sentencetext>How many Fedora installations actually have "users" and "admins?
"  The line that you don't want your users installing software just doesn't hold any water.
Honestly if you have an "admin" and "users" you'll be wanting to harden the install anyway, and more than likely you will not want to use Fedora.
Instead you'd do CentOS 5 or Ubuntu LTS.
Most installs of Fedora are on single-user, home systems.
Even in a family situation, a parent will likely want to enable parental controls anyway, so creating a limited account for the kids and using policykit to lock down what they can run (no terminal, etc), is what one would do anyway.
So bringing up security in the context of "users"  is really a red herring here.Even more ironically, most of the comments seem to indicate that sudo is a recommended solution!
Are you kidding?
How is that any better for admins and users?
If a user wants to do something that needs more privileges, you grant him carte blanche root access?
Even on OS X the access controls are this coarse.
If the user is "administrative" he has full root access.
The Fedora default made a lot of sense for home users but could easily be changed for other environments, though Fedora just doesn't belong in  most enterprises.What Fedora probably needs to do (maybe they have) is introduce templates for use when creating users.
So you can easily create admin users, restricted users, etc.
Slashdot users seem to have no complaint about the fact that you absolutely do *not* need root on OS X to install software.
And even worse you can install software that's not cryptographically signed!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170922</id>
	<title>Controversial controversy</title>
	<author>Fdisk81</author>
	<datestamp>1258731780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Do<nobr> <wbr></nobr>/. writers get paid by "controversy"?</htmltext>
<tokenext>Do / .
writers get paid by " controversy " ?</tokentext>
<sentencetext>Do /.
writers get paid by "controversy"?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564</id>
	<title>Never really thought this needed changing</title>
	<author>lnlypaladin</author>
	<datestamp>1258729800000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext>See personally I never thought it would be in discussion whether to allow non-root users to install packages.   In my opinion it's one of the great advantages of *nix systems as far as security goes.

Even the distributions with the root user disabled to make it easier on a desktop user, like Ubuntu, still require use of the sudo command.  It's one of the biggest reasons certain worms and drive by download techniques which crippled Microsoft OS's never worked on *nix systems.</htmltext>
<tokenext>See personally I never thought it would be in discussion whether to allow non-root users to install packages .
In my opinion it 's one of the great advantages of * nix systems as far as security goes .
Even the distributions with the root user disabled to make it easier on a desktop user , like Ubuntu , still require use of the sudo command .
It 's one of the biggest reasons certain worms and drive by download techniques which crippled Microsoft OS 's never worked on * nix systems .</tokentext>
<sentencetext>See personally I never thought it would be in discussion whether to allow non-root users to install packages.
In my opinion it's one of the great advantages of *nix systems as far as security goes.
Even the distributions with the root user disabled to make it easier on a desktop user, like Ubuntu, still require use of the sudo command.
It's one of the biggest reasons certain worms and drive by download techniques which crippled Microsoft OS's never worked on *nix systems.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175674</id>
	<title>Re:Dunno man, but</title>
	<author>David Jao</author>
	<datestamp>1258749180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago.</p></div><p>Let's be clear here. They discussed modifying PackageKit to allow an administrator to create such configurations. Nowhere in the entire thread did anyone mention "Oh by the way, let's also make this the default configuration for the F12 release."
</p><p>
Don't believe me? <a href="http://thread.gmane.org/gmane.comp.freedesktop.packagekit/2611" title="gmane.org">See for yourself.</a> [gmane.org]</p></div>
	</htmltext>
<tokenext>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago.Let 's be clear here .
They discussed modifying PackageKit to allow an administrator to create such configurations .
Nowhere in the entire thread did anyone mention " Oh by the way , let 's also make this the default configuration for the F12 release .
" Do n't believe me ?
See for yourself .
[ gmane.org ]</tokentext>
<sentencetext>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago.Let's be clear here.
They discussed modifying PackageKit to allow an administrator to create such configurations.
Nowhere in the entire thread did anyone mention "Oh by the way, let's also make this the default configuration for the F12 release.
"

Don't believe me?
See for yourself.
[gmane.org]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172302</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170400</id>
	<title>AC First post?</title>
	<author>Anonymous</author>
	<datestamp>1258728840000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>AC First post?</p></htmltext>
<tokenext>AC First post ?</tokentext>
<sentencetext>AC First post?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170676</id>
	<title>Non-controversial</title>
	<author>SgtChaireBourne</author>
	<datestamp>1258730460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Wow. Thank goodness those guys "discovered" that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and "agreed" to lock it down. We might have had some serious problems there. (roll eyes)
WTF? How on gawds green earth did this happen in the first place?</p></div><p>
The use of the word "controversial" to describe the <i>rollback</i> to the original, more secure settings is bizarre, too.  The failure here was the process and the people that must have worked to push through the weird settings that allowed everyone and their dog to install random 'signed' but unconfigured packages.  That's something we'd expect from Microsoft employees, trainees, 'engineers' or 'researchers', not Red Hat staff or volunteers.
</p><p>
I notice that mono has shown up in the distro, too.  When will managers learn about bringing posers bringing the One Microsoft Way into a project?  Microsoft hasn't done much of any technology right during the time it's been around. Is it a wise choice to start letting that way of thinking spread and gut yet another fine distro?
</p></div>
	</htmltext>
<tokenext>Wow .
Thank goodness those guys " discovered " that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and " agreed " to lock it down .
We might have had some serious problems there .
( roll eyes ) WTF ?
How on gawds green earth did this happen in the first place ?
The use of the word " controversial " to describe the rollback to the original , more secure settings is bizarre , too .
The failure here was the process and the people that must have worked to push through the weird settings that allowed everyone and their dog to install random 'signed ' but unconfigured packages .
That 's something we 'd expect from Microsoft employees , trainees , 'engineers ' or 'researchers ' , not Red Hat staff or volunteers .
I notice that mono has shown up in the distro , too .
When will managers learn about bringing posers bringing the One Microsoft Way into a project ?
Microsoft has n't done much of any technology right during the time it 's been around .
Is it a wise choice to start letting that way of thinking spread and gut yet another fine distro ?</tokentext>
<sentencetext>Wow.
Thank goodness those guys "discovered" that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and "agreed" to lock it down.
We might have had some serious problems there.
(roll eyes)
WTF?
How on gawds green earth did this happen in the first place?
The use of the word "controversial" to describe the rollback to the original, more secure settings is bizarre, too.
The failure here was the process and the people that must have worked to push through the weird settings that allowed everyone and their dog to install random 'signed' but unconfigured packages.
That's something we'd expect from Microsoft employees, trainees, 'engineers' or 'researchers', not Red Hat staff or volunteers.
I notice that mono has shown up in the distro, too.
When will managers learn about bringing posers bringing the One Microsoft Way into a project?
Microsoft hasn't done much of any technology right during the time it's been around.
Is it a wise choice to start letting that way of thinking spread and gut yet another fine distro?

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171574</id>
	<title>It is still a good idea for certain users</title>
	<author>Anonymous</author>
	<datestamp>1258734960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It is still a good idea for certain users to install packages.<br>Perhaps a trusted group.</p><p>If only root can do it, then everyone is using sudo, and your system is less secure.</p></htmltext>
<tokenext>It is still a good idea for certain users to install packages.Perhaps a trusted group.If only root can do it , then everyone is using sudo , and your system is less secure .</tokentext>
<sentencetext>It is still a good idea for certain users to install packages.Perhaps a trusted group.If only root can do it, then everyone is using sudo, and your system is less secure.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170666</id>
	<title>Re:Finally!Pre-Christmas gift, shoes,handbags,ugg</title>
	<author>Anonymous</author>
	<datestamp>1258730400000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><a href="http://www.coolforsale.com/" title="coolforsale.com" rel="nofollow">http://www.coolforsale.com/</a> [coolforsale.com]
Christmas is around the corner:  And old customers can also enjoy the gifts sent by my company in a can also request to our company.  Gifts lot,Buy more get the moreOnly this site have this treatmentOur goal is "Best quality, Best reputation , Best services". Your satisfaction is our main pursue. You can find the best products from us, meeting your different needs.

Ladies and Gentlemen  weicome  to  my  coolforsale.com.Here,there  are   the   most   fashion   products . Pass by but don't   miss  it.Select  your  favorite  clothing!  Welcome  to come  next   time ! Thank you!     <a href="http://www.coolforsale.com/productlist.asp?id=s76" title="coolforsale.com" rel="nofollow">http://www.coolforsale.com/productlist.asp?id=s76</a> [coolforsale.com] (Tracksuit w)
ugg boot,POLO hoody,Jacket,
Air jordan(1-24)shoes $33
Nike shox(R4,NZ,OZ,TL1,TL2,TL3) $35
Handbags(Coach lv fendi d&amp;g) $35
Tshirts (Polo<nobr> <wbr></nobr>,ed hardy,lacoste) $16
free shipping
competitive price
any size available
accept the paypal
Thanks</htmltext>
<tokenext>http : //www.coolforsale.com/ [ coolforsale.com ] Christmas is around the corner : And old customers can also enjoy the gifts sent by my company in a can also request to our company .
Gifts lot,Buy more get the moreOnly this site have this treatmentOur goal is " Best quality , Best reputation , Best services " .
Your satisfaction is our main pursue .
You can find the best products from us , meeting your different needs .
Ladies and Gentlemen weicome to my coolforsale.com.Here,there are the most fashion products .
Pass by but do n't miss it.Select your favorite clothing !
Welcome to come next time !
Thank you !
http : //www.coolforsale.com/productlist.asp ? id = s76 [ coolforsale.com ] ( Tracksuit w ) ugg boot,POLO hoody,Jacket , Air jordan ( 1-24 ) shoes $ 33 Nike shox ( R4,NZ,OZ,TL1,TL2,TL3 ) $ 35 Handbags ( Coach lv fendi d&amp;g ) $ 35 Tshirts ( Polo ,ed hardy,lacoste ) $ 16 free shipping competitive price any size available accept the paypal Thanks</tokentext>
<sentencetext></sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175338</id>
	<title>Re:Outrageous</title>
	<author>akpoff</author>
	<datestamp>1258748220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>QUOTE:<br>
If you give up freedom for security you deserve neither - Thomas Jefferson</p></div></blockquote><p>You got the gist of the quote but the original is much better. And it came from Ben Franklin.</p><blockquote><div><p>Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. - Benjamin Franklin</p></div></blockquote>
	</htmltext>
<tokenext>QUOTE : If you give up freedom for security you deserve neither - Thomas JeffersonYou got the gist of the quote but the original is much better .
And it came from Ben Franklin.Those who would give up Essential Liberty to purchase a little Temporary Safety , deserve neither Liberty nor Safety .
- Benjamin Franklin</tokentext>
<sentencetext>QUOTE:
If you give up freedom for security you deserve neither - Thomas Jefferson
You got the gist of the quote but the original is much better.
And it came from Ben Franklin.
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.
- Benjamin Franklin
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586</id>
	<title>At the risk of being flamed to hell</title>
	<author>jimicus</author>
	<datestamp>1258729920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The idea of allowing normal users to install signed software is actually not all that bad.</p><p>Frankly, the most common alternatives - either users have to ask IT to do it (which neither the users like nor does the IT department necessarily want to spend its days messing around with) or giving them local admin (or, this being Linux, local root) privileges are both awful.</p><p>Off the top of my head, I can think of a few sane solutions to the problem - none of which appear to have been given serious thought:</p><p>1.  Provide a list of software which <b>anyone</b> can install.  (Oh look, that's more or less what Fedora did, though obviously if you depend on signatures you don't need to compile and maintain a list.  Might have been nice if they'd made it so the admin had to decide in advance what software could be allowed, rather than just sticking the entire repository in there, but the idea's sound)<br>2.  Provide a sandbox of some sort that can be wiped on demand and install software into that.</p></htmltext>
<tokenext>The idea of allowing normal users to install signed software is actually not all that bad.Frankly , the most common alternatives - either users have to ask IT to do it ( which neither the users like nor does the IT department necessarily want to spend its days messing around with ) or giving them local admin ( or , this being Linux , local root ) privileges are both awful.Off the top of my head , I can think of a few sane solutions to the problem - none of which appear to have been given serious thought : 1 .
Provide a list of software which anyone can install .
( Oh look , that 's more or less what Fedora did , though obviously if you depend on signatures you do n't need to compile and maintain a list .
Might have been nice if they 'd made it so the admin had to decide in advance what software could be allowed , rather than just sticking the entire repository in there , but the idea 's sound ) 2 .
Provide a sandbox of some sort that can be wiped on demand and install software into that .</tokentext>
<sentencetext>The idea of allowing normal users to install signed software is actually not all that bad.
Frankly, the most common alternatives - either users have to ask IT to do it (which neither the users like nor does the IT department necessarily want to spend its days messing around with) or giving them local admin (or, this being Linux, local root) privileges are both awful.
Off the top of my head, I can think of a few sane solutions to the problem - none of which appear to have been given serious thought:
1. Provide a list of software which anyone can install.
(Oh look, that's more or less what Fedora did, though obviously if you depend on signatures you don't need to compile and maintain a list.
Might have been nice if they'd made it so the admin had to decide in advance what software could be allowed, rather than just sticking the entire repository in there, but the idea's sound)
2. Provide a sandbox of some sort that can be wiped on demand and install software into that.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172302</id>
	<title>Re:Dunno man, but</title>
	<author>AdamWill</author>
	<datestamp>1258737960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago. PackageKit is an upstream project, used by multiple distributions, and this change was implemented in PackageKit (although, of course, the upstream author who proposed and coded the change works for Red Hat); it's come to light in Fedora 12 because it's the first distribution to actually use a version of PackageKit ported to PolicyKit 1.</p><p>I'm curious as to how you expect an idea to be "squashed 5 minutes after it was proposed" as a result of Fedora "open[ing] up their decision making process" - how does a more open process lead to faster decisions? In all the experience I've ever had, the result is true. Having an open review process - which Fedora does - results in slightly slower decisions but, hopefully, more ultimately correct ones. I know which I'd choose.</p><p>There are potential process improvements here - there's a proposal to have a consistent policy for privileges granted via PolicyKit, for instance - but it's really not as simple as 'open up their decision making process'. It's pretty darn open already.</p></htmltext>
<tokenext>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago .
PackageKit is an upstream project , used by multiple distributions , and this change was implemented in PackageKit ( although , of course , the upstream author who proposed and coded the change works for Red Hat ) ; it 's come to light in Fedora 12 because it 's the first distribution to actually use a version of PackageKit ported to PolicyKit 1.I 'm curious as to how you expect an idea to be " squashed 5 minutes after it was proposed " as a result of Fedora " open [ ing ] up their decision making process " - how does a more open process lead to faster decisions ?
In all the experience I 've ever had , the result is true .
Having an open review process - which Fedora does - results in slightly slower decisions but , hopefully , more ultimately correct ones .
I know which I 'd choose.There are potential process improvements here - there 's a proposal to have a consistent policy for privileges granted via PolicyKit , for instance - but it 's really not as simple as 'open up their decision making process' .
It 's pretty darn open already .</tokentext>
<sentencetext>The initial change was discussed in public - on the PackageKit mailing list - and implemented over a year ago.
PackageKit is an upstream project, used by multiple distributions, and this change was implemented in PackageKit (although, of course, the upstream author who proposed and coded the change works for Red Hat); it's come to light in Fedora 12 because it's the first distribution to actually use a version of PackageKit ported to PolicyKit 1.
I'm curious as to how you expect an idea to be "squashed 5 minutes after it was proposed" as a result of Fedora "open[ing] up their decision making process" - how does a more open process lead to faster decisions?
In all the experience I've ever had, the result is true.
Having an open review process - which Fedora does - results in slightly slower decisions but, hopefully, more ultimately correct ones.
I know which I'd choose.
There are potential process improvements here - there's a proposal to have a consistent policy for privileges granted via PolicyKit, for instance - but it's really not as simple as 'open up their decision making process'.
It's pretty darn open already.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171442</id>
	<title>Re:Attitude</title>
	<author>Anonymous</author>
	<datestamp>1258734360000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>To be honest that's kind of what I've come to expect from most FOSS projects - an attitude of "we're doing this because we want to, we donate our time for free - if you don't like it, fork it and fix it, or use something else".</p><p>It's actually hard to argue with most of the time, as they really are donating their time for free...</p></htmltext>
<tokenext>To be honest that 's kind of what I 've come to expect from most FOSS projects - an attitude of " we 're doing this because we want to , we donate our time for free - if you do n't like it , fork it and fix it , or use something else " .It 's actually hard to argue with most of the time , as they really are donating their time for free.. .</tokentext>
<sentencetext>To be honest that's kind of what I've come to expect from most FOSS projects - an attitude of "we're doing this because we want to, we donate our time for free - if you don't like it, fork it and fix it, or use something else".
It's actually hard to argue with most of the time, as they really are donating their time for free...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171710</id>
	<title>Re:Finally!</title>
	<author>nexxuz</author>
	<datestamp>1258735560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>Bunch of dirty hippie linux slackers</p></div><p>It's Fedora not Slack!</p>
	</htmltext>
<tokenext>Bunch of dirty hippie linux slackersIt 's Fedora not Slack !</tokentext>
<sentencetext>Bunch of dirty hippie linux slackers
It's Fedora not Slack!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172384</id>
	<title>Re:A sensible compromise</title>
	<author>Anonymous</author>
	<datestamp>1258738200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Role Based Access Control anyone?</p></htmltext>
<tokenext>Role Based Access Control anyone ?</tokentext>
<sentencetext>Role Based Access Control anyone?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171028</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175672</id>
	<title>Re:That was close...</title>
	<author>jim_v2000</author>
	<datestamp>1258749180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Because they aren't all server managing IT nazis and this is a desktop OS that will most of the time be used by a single user?</htmltext>
<tokenext>Because they are n't all server managing IT nazis and this is a desktop OS that will most of the time be used by a single user ?</tokentext>
<sentencetext>Because they aren't all server managing IT nazis and this is a desktop OS that will most of the time be used by a single user?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171248</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>jdunn14</author>
	<datestamp>1258733400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'll dive in burn with you on this one.  You missed one other major point that the Fedora developers had.  A large majority of their user base is desktop systems where there is not some great IT staff or distant administrator.  I am the admin in my boxes.  No one else has a login.  If I want to install packages without a password that shouldn't be difficult.  I configured the repositories, I added the public keys after evaluating how much I trusted the repo.  Letting the normal user (still me) install packages isn't the end of the world people make it out to be.  In the case where I let my friend log into my machine remotely to look at something or help me debug or whatever, they WOULD NOT be able to install packages unless they logged into the local console (yes that was part of this change).</p><p>All this said, I personally would not turn on this option for my own desktops because I don't like the idea of my unprivileged account being able to hose the OS.  Then again, repairing/reinstalling the OS is not a big deal compared to replacing the files in /home.</p><p>What this all comes down to is that it is not nearly as cut-and-dried as people on either side are shouting that it is.</p></htmltext>
<tokenext>I 'll dive in burn with you on this one .
You missed one other major point that the Fedora developers had .
A large majority of their user base is desktop systems where there is not some great IT staff or distant administrator .
I am the admin in my boxes .
No one else has a login .
If I want to install packages without a password that should n't be difficult .
I configured the repositories , I added the public keys after evaluating how much I trusted the repo .
Letting the normal user ( still me ) install packages is n't the end of the world people make it out to be .
In the case where I let my friend log into my machine remotely to look at something or help me debug or whatever , they WOULD NOT be able to install packages unless they logged into the local console ( yes that was part of this change ) .All this said , I personally would not turn on this option for my own desktops because I do n't like the idea of my unprivileged account being able to hose the OS .
Then again , repairing/reinstalling the OS is not a big deal compared to replacing the files in /home.What this all comes down to is that it is not nearly as cut-and-dried as people on either side are shouting that it is .</tokentext>
<sentencetext>I'll dive in burn with you on this one.
You missed one other major point that the Fedora developers had.
A large majority of their user base is desktop systems where there is not some great IT staff or distant administrator.
I am the admin in my boxes.
No one else has a login.
If I want to install packages without a password that shouldn't be difficult.
I configured the repositories, I added the public keys after evaluating how much I trusted the repo.
Letting the normal user (still me) install packages isn't the end of the world people make it out to be.
In the case where I let my friend log into my machine remotely to look at something or help me debug or whatever, they WOULD NOT be able to install packages unless they logged into the local console (yes that was part of this change).
All this said, I personally would not turn on this option for my own desktops because I don't like the idea of my unprivileged account being able to hose the OS.
Then again, repairing/reinstalling the OS is not a big deal compared to replacing the files in /home.
What this all comes down to is that it is not nearly as cut-and-dried as people on either side are shouting that it is.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171810</id>
	<title>but..</title>
	<author>Anonymous</author>
	<datestamp>1258735980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'd be happy if they fixed the checksum file which incorrectly states the sha256 hashes are sha1.</p></htmltext>
<tokenext>i 'd be happy if they fixed the checksum file which incorrectly states the sha256 hashes are sha1 .</tokentext>
<sentencetext>I'd be happy if they fixed the checksum file which incorrectly states the sha256 hashes are sha1.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173718</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>redstar427</author>
	<datestamp>1258742940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This has not changed.  You can still install software in your home directory the old fashioned way.<br>Just don't expect to use a package manager.</p></htmltext>
<tokenext>This has not changed .
You can still install software in your home directory the old fashioned way.Just do n't expect to use a package manager .</tokentext>
<sentencetext>This has not changed.
You can still install software in your home directory the old fashioned way.
Just don't expect to use a package manager.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174764</id>
	<title>Re:Attitude</title>
	<author>BitZtream</author>
	<datestamp>1258746360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Really?  You think the Win95 security model was a good one?</p><p>There is no such thing as a 'trusted repository', at least not in my world.  The closest thing I can think of would be if Theo de Raadt personally verified and signed packages.  Even then, that's still a maybe, I've seen him miss plenty of bugs over the user that lead to exploits.</p><p>When you start lowering your security to less than that of Windows, and your developers working on it don't have the slightest idea of the concepts involved (they don't, I took the time to read the entire discussion), and to make it worse they have this 'I know more than you can possibly understand and I'm right' attitude, even when it's pointed out how this is going to make many systems insecure due to dependencies and no one is going to know because the mailing list discussion is the only note about it ... something is clearly wrong.</p><p>The entire thing makes it extremely clear that you can't trust them to make intelligent security decisions.  Hell, they STILL haven't even accepted that it was a mistake, the response is more of a wishy-washy 'We are still right, but we're going to change it to shut you guys up, we will just do it again later and see if you notice it then'.</p><p>Might as well just sing out:<br>Fedora - The distributions botnets and malware prefer for Linux.</p></htmltext>
<tokenext>Really ?
You think the Win95 security model was a good one ? There is no such thing as a 'trusted repository ' , at least not in my world .
The closest thing I can think of would be if Theo de raadt personally verified and signed packages .
Even then , thats still a maybe , I 've seen him miss plenty of bugs over the user that lead to exploits.When you start lowering your security to less than that of Windows , and your developers working on it do n't have the slightest idea of the concepts involved ( they do n't , I took the time to read the entire discussion ) , and to make it worse they have this 'I know more than you can possibly understand and I 'm right ' attitude , even when its pointed out how this is going to make many systems insecure due to dependancies and no one is going to know because the mailing list discussion is the only note about it ... something is clearly wrong.The entire thing makes it extremely clear that you ca n't trust them to make intelligent security decisions .
Hell , they STILL have n't even accepted that it was a mistake , the response is more of a wishy-washy 'We are still right , but were going to change it to shut you guys up , we will just do it again later and see if you notice it then'.Might as well just sing out : Fedora - The distributions botnets and malware prefer for Linux .</tokentext>
<sentencetext>Really?
You think the Win95 security model was a good one?
There is no such thing as a 'trusted repository', at least not in my world.
The closest thing I can think of would be if Theo de Raadt personally verified and signed packages.
Even then, that's still a maybe, I've seen him miss plenty of bugs over the user that lead to exploits.
When you start lowering your security to less than that of Windows, and your developers working on it don't have the slightest idea of the concepts involved (they don't, I took the time to read the entire discussion), and to make it worse they have this 'I know more than you can possibly understand and I'm right' attitude, even when it's pointed out how this is going to make many systems insecure due to dependencies and no one is going to know because the mailing list discussion is the only note about it ... something is clearly wrong.
The entire thing makes it extremely clear that you can't trust them to make intelligent security decisions.
Hell, they STILL haven't even accepted that it was a mistake, the response is more of a wishy-washy 'We are still right, but we're going to change it to shut you guys up, we will just do it again later and see if you notice it then'.
Might as well just sing out:
Fedora - The distributions botnets and malware prefer for Linux.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170634</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174034</id>
	<title>Re:Dunno man, but</title>
	<author>Anonymous</author>
	<datestamp>1258744020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Oh stop with the drama.  It's not a horrible idea to avoid prompting for things people have an obvious trust relationship with, have been confirmed as trusted using accepted techniques, and are going to be installed by the user anyway, 99.99999% of the time.</p><p>The whole issue was ridiculously overblown.</p></htmltext>
<tokenext>Oh stop with the drama .
It 's not a horrible idea to avoid prompting for things people have an obvious trust relationship with , have been confirmed as trusted using accepted techniques , and are going to be installed by the user anyway , 99.99999 \ % of the time.The whole issue was ridiculously overblown .</tokentext>
<sentencetext>Oh stop with the drama.
It's not a horrible idea to avoid prompting for things people have an obvious trust relationship with, have been confirmed as trusted using accepted techniques, and are going to be installed by the user anyway, 99.99999% of the time.
The whole issue was ridiculously overblown.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688</id>
	<title>Dunno man, but</title>
	<author>Giant Electronic Bra</author>
	<datestamp>1258730520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>The whole Fedora Team's creation of and response to this issue creates very serious doubt in my mind about their ability to manage a distribution and their understanding of proper security policy. I think they've got to open up their decision making process more and learn to communicate better. An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.</p><p>At least it all shows that the community still ultimately calls the shots.</p></htmltext>
<tokenext>The whole Fedora Team 's creation of and response to this issue creates very serious doubt in my mind about their ability to manage a distribution and their understanding of proper security policy .
I think they 've got to open up their decision making process more and learn to communicate better .
An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.At least it all shows that the community still ultimately calls the shots .</tokentext>
<sentencetext>The whole Fedora Team's creation of and response to this issue creates very serious doubt in my mind about their ability to manage a distribution and their understanding of proper security policy.
I think they've got to open up their decision making process more and learn to communicate better.
An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.
At least it all shows that the community still ultimately calls the shots.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171960</id>
	<title>Re:Attitude</title>
	<author>dejanc</author>
	<datestamp>1258736700000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><div class="quote"><p>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users.  I feel the trust relationship is kinda broken ... but at least they finally came around and listened.</p></div><p>Fedora does this all the time (or at least, often enough for me to think it's all the time). Here are a couple of examples:</p><ul>
<li>Fedora Core 2 included the infamous 4k stack option enabled in Kernel, because of which NVIDIA drivers didn't work (and os drivers sucked). Users complained to no avail - Fedora's developers decided to introduce a feature they thought was good at cost of breaking many desktops. We had to recompile kernels.</li><li>Fedora 9 introduced new GDM. This application was (and still is) crippled compared to the old one, but apparently a major rewrite was in order. The result was that configuration of many users (e.g. autologin, etc) was broken, that there was no configuration GUI that we were used to, usability was crippled for all systems that use remote login with many users, etc. But, new GDM was the future, so despite the breakage, Fedora's developers decided to push it.</li><li>PulseAudio, anyone? But that's common for most distributions...</li></ul><p>My point is: Fedora is a polygon for testing new technologies to be included in RHEL. Nothing more, nothing less. Perfect users for it are RHEL admins who want to get a preview of future releases, not casual desktop users.</p>
	</htmltext>
<tokenext>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness , despite the huge backlash from users .
I feel the trust relationship is kinda broken ... but at least they finally came around and listened.Fedora does this all the time ( or at least , often enough for me to think it 's all the time ) .
Here is a couple of examples : Fedora Core 2 included the infamous 4k stack option enabled in Kernel , because of which NVIDIA drivers did n't work ( and os drivers sucked ) .
Users complained to no avail - Fedora 's developers decided to introduce a feature they thought was good at cost of breaking many desktops .
We had to recompile kernels.Fedora 9 introduced new GDM .
This application was ( and still is ) crippled compared to the old one , but apparently a major rewrite was in order .
The result was that configuration of many users ( e.g .
autologin , etc ) was broken , that there was no configuration GUI that we were used to , usability was crippled for all systems that use remote login with many users , etc .
But , new GDM was the future , so despite the breakage , Fedora 's developers decided to push it.PulseAudio , anyone ?
But that 's common for most distributions...My point is : Fedora is a polygon for testing new technologies to be included in RHEL .
Nothing more , nothing less .
Perfect users for it are RHEL admins who want to get a preview of future releases , not casual desktop users .</tokentext>
<sentencetext>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users.
I feel the trust relationship is kinda broken ... but at least they finally came around and listened.
Fedora does this all the time (or at least, often enough for me to think it's all the time).
Here are a couple of examples:
Fedora Core 2 included the infamous 4k stack option enabled in Kernel, because of which NVIDIA drivers didn't work (and os drivers sucked).
Users complained to no avail - Fedora's developers decided to introduce a feature they thought was good at cost of breaking many desktops.
We had to recompile kernels.
Fedora 9 introduced new GDM.
This application was (and still is) crippled compared to the old one, but apparently a major rewrite was in order.
The result was that configuration of many users (e.g. autologin, etc) was broken, that there was no configuration GUI that we were used to, usability was crippled for all systems that use remote login with many users, etc.
But, new GDM was the future, so despite the breakage, Fedora's developers decided to push it.
PulseAudio, anyone?
But that's common for most distributions...
My point is: Fedora is a polygon for testing new technologies to be included in RHEL.
Nothing more, nothing less.
Perfect users for it are RHEL admins who want to get a preview of future releases, not casual desktop users.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171028</id>
	<title>A sensible compromise</title>
	<author>Lemming Mark</author>
	<datestamp>1258732320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>The policy of allowing certain users to install software, within certain limits, is not crazy.  It gives you:<br>* don't have users typing in the root password all the time<br>* if you need a codec or viewer plugin, the system can pop up a "Getting a viewer for you" window, rather than a "Can't view this, please install foo, put root password here"<br>* this is made possible because Linux distros have their own "app store" of approved software, which comes *from the distro* so you know where to get it and you know it's relatively unlikely to be malware.  Windows and MacOS can't do this.</p><p>The limits included only giving these privileges to the console user, who probably has physical access and can root the machine anyhow, which is also sensible.  But it also gives malware the local user might end up running (e.g. due to a Firefox compromise) the ability to install software.  That's not necessarily too bad unless it's, for instance, installing vulnerable setuid-root software.  So this needs to be thought about carefully before enabling on an individual machine, unless the distro has thought *even harder* about it so you don't have to.  It doesn't really seem like the Fedora guys thought about it hard enough, even though it could be a good policy for the future if done right.  And I don't think anybody is happy about such a major change in behaviour happening without it being announced and debated very publicly.</p><p>I hope to see this feature reappearing in a future Fedora release - it's a good feature if they do it right.  But they should be *even more* careful about what they permit and they shouldn't make dramatic behaviour changes occurring by default without heavy debate (and if you upgrade from an old version, rather than clean install, it should certainly say "This is a behaviour change, do you want it?" - probably defaulting to no).</p></htmltext>
<tokenext>The policy of allowing certain users to install software , within certain limits , is not crazy .
It gives you : * do n't have users typing in the root password all the time * if you need a codec or viewer plugin , the system can pop up a " Getting a viewer for you " window , rather than a " Ca n't view this , please install foo , put root password here " * this is made possible because Linux distros have their own " app store " of approved software , which comes * from the distro * so you know where to get it and you know it 's relatively unlikely to be malware .
Windows and MacOS ca n't do this . The limits included only giving these privileges to the console user , who probably has physical access and can root the machine anyhow , which is also sensible .
But it also gives malware the local user might end up running ( e.g .
due to a Firefox compromise ) the ability to install software .
That 's not necessarily too bad unless it 's , for instance , installing vulnerable setuid-root software .
So this needs to be thought about carefully before enabling on an individual machine , unless the distro has thought * even harder * about it so you do n't have to .
It does n't really seem like the Fedora guys thought about it hard enough , even though it could be a good policy for the future if done right .
And I do n't think anybody is happy about such a major change in behaviour happening without it being announced and debated very publicly . I hope to see this feature reappearing in a future Fedora release - it 's a good feature if they do it right .
But they should be * even more * careful about what they permit and they should n't make dramatic behaviour changes occurring by default without heavy debate ( and if you upgrade from an old version , rather than clean install , it should certainly say " This is a behaviour change , do you want it ?
" - probably defaulting to no ) .</tokentext>
<sentencetext>The policy of allowing certain users to install software, within certain limits, is not crazy.
It gives you: * don't have users typing in the root password all the time * if you need a codec or viewer plugin, the system can pop up a "Getting a viewer for you" window, rather than a "Can't view this, please install foo, put root password here" * this is made possible because Linux distros have their own "app store" of approved software, which comes *from the distro* so you know where to get it and you know it's relatively unlikely to be malware.
Windows and MacOS can't do this. The limits included only giving these privileges to the console user, who probably has physical access and can root the machine anyhow, which is also sensible.
But it also gives malware the local user might end up running (e.g.
due to a Firefox compromise) the ability to install software.
That's not necessarily too bad unless it's, for instance, installing vulnerable setuid-root software.
So this needs to be thought about carefully before enabling on an individual machine, unless the distro has thought *even harder* about it so you don't have to.
It doesn't really seem like the Fedora guys thought about it hard enough, even though it could be a good policy for the future if done right.
And I don't think anybody is happy about such a major change in behaviour happening without it being announced and debated very publicly. I hope to see this feature reappearing in a future Fedora release - it's a good feature if they do it right.
But they should be *even more* careful about what they permit and they shouldn't make dramatic behaviour changes occurring by default without heavy debate (and if you upgrade from an old version, rather than clean install, it should certainly say "This is a behaviour change, do you want it?
" - probably defaulting to no).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30179280</id>
	<title>Re:Attitude</title>
	<author>Antique Geekmeister</author>
	<datestamp>1258719300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is something you fix by using sudo. Now, sudo needs a good GUI: a better policy model for _sudo_ setups would be a good use of these developers' time.</p></htmltext>
<tokenext>This is something you fix by using sudo .
Now , sudo needs a good GUI : a better policy model for _sudo_ setups would be a good use of these developers ' time .</tokentext>
<sentencetext>This is something you fix by using sudo.
Now, sudo needs a good GUI: a better policy model for _sudo_ setups would be a good use of these developers' time.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172412</id>
	<title>Re:Controversial controversy</title>
	<author>AdamWill</author>
	<datestamp>1258738320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Do<nobr> <wbr></nobr>/. writers get paid by "controversy"?</p></div><p>I submitted the initial story, but they edited it a bit before publication. I'm _sure_ it didn't have three 'controvers*' in it, but I can't prove it to you, I didn't keep a copy of my submission. It _was_ pretty late last night. Usually I'd shoot myself in the head before writing something that inelegant.<nobr> <wbr></nobr>:)</p></div>
	</htmltext>
<tokenext>Do / .
writers get paid by " controversy " ? I submitted the initial story , but they edited it a bit before publication .
I 'm _sure_ it did n't have three 'controvers * ' in it , but I ca n't prove it to you , I did n't keep a copy of my submission .
It _was_ pretty late last night .
Usually I 'd shoot myself in the head before writing something that inelegant .
: )</tokentext>
<sentencetext>Do /.
writers get paid by "controversy"? I submitted the initial story, but they edited it a bit before publication.
I'm _sure_ it didn't have three 'controvers*' in it, but I can't prove it to you, I didn't keep a copy of my submission.
It _was_ pretty late last night.
Usually I'd shoot myself in the head before writing something that inelegant.
:)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170922</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173848</id>
	<title>Re:To quote Richard Hughes:</title>
	<author>MSG</author>
	<datestamp>1258743420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I don't see how most of those quotes could be considered trolling, but especially this:</p><p><div class="quote"><p># "There are other, *easier*, ways of rooting the system. "</p></div><p>That's totally accurate.  The policy previously allowed users who were logged in to the local console to install signed packages from a repository.  No one would claim that there are no security vulnerabilities in packages within the default repositories, but they tend to be fixed very quickly after they are found, so the window for exploit using this mechanism is extremely small.  People do have legitimate reasons why they wouldn't want this policy (in shared PC environments), but security is hardly one of them.  Users who have physical access to a computer can compromise it far more easily than waiting for a vulnerability to be found in a package that isn't installed, installing that package before an update is issued, and exploiting the vulnerability.</p></div>
	</htmltext>
<tokenext>I do n't see how most of those quotes could be considered trolling , but especially this : # " There are other , * easier * , ways of rooting the system .
" That 's totally accurate .
The policy previously allowed users who were logged in to the local console to install signed packages from a repository .
No one would claim that there are no security vulnerabilities in packages within the default repositories , but they tend to be fixed very quickly after they are found , so the window for exploit using this mechanism is extremely small .
People do have legitimate reasons why they would n't want this policy ( in shared PC environments ) , but security is hardly one of them .
Users who have physical access to a computer can compromise it far more easily than waiting for a vulnerability to be found in a package that is n't installed , installing that package before an update is issued , and exploiting the vulnerability .</tokentext>
<sentencetext>I don't see how most of those quotes could be considered trolling, but especially this: # "There are other, *easier*, ways of rooting the system.
" That's totally accurate.
The policy previously allowed users who were logged in to the local console to install signed packages from a repository.
No one would claim that there are no security vulnerabilities in packages within the default repositories, but they tend to be fixed very quickly after they are found, so the window for exploit using this mechanism is extremely small.
People do have legitimate reasons why they wouldn't want this policy (in shared PC environments), but security is hardly one of them.
Users who have physical access to a computer can compromise it far more easily than waiting for a vulnerability to be found in a package that isn't installed, installing that package before an update is issued, and exploiting the vulnerability.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173134</id>
	<title>Almost sounds like Ulrich Drepper</title>
	<author>jonaskoelker</author>
	<datestamp>1258740660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>"You missed the "in my opinion" line in your reply." [and others]</p></div><p>Heh... I half expected to see Ulrich Drepper's name in the bug discussion (famous for his glibc controversy regarding support for those fishy "Carp Architectures").</p><p>None of that <em>real</em> trolling then, I see<nobr> <wbr></nobr>;-)</p></div>
	</htmltext>
<tokenext>" You missed the " in my opinion " line in your reply .
" [ and others ] Heh... I half expected to see Ulrich Drepper 's name in the bug discussion ( famous for his glibc controversy regarding support for those fishy " Carp Architectures " ) . None of that real trolling then , I see ; - )</tokentext>
<sentencetext>"You missed the "in my opinion" line in your reply.
" [and others] Heh... I half expected to see Ulrich Drepper's name in the bug discussion (famous for his glibc controversy regarding support for those fishy "Carp Architectures"). None of that real trolling then, I see ;-)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30180130</id>
	<title>Re:Attitude</title>
	<author>mrmeval</author>
	<datestamp>1258723440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No they have not come around, they have grudgingly made the changes people have requested and plan on unchanging this in the future as best I can tell from some of the snarly responses.</p></htmltext>
<tokenext>No they have not come around , they have grudgingly made the changes people have requested and plan on unchanging this in the future as best I can tell from some of the snarly responses .</tokentext>
<sentencetext>No they have not come around, they have grudgingly made the changes people have requested and plan on unchanging this in the future as best I can tell from some of the snarly responses.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172382</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>foobat</author>
	<datestamp>1258738200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>someone mod this person up now.</p><p>I currently have a ticket open requiring the root password because "the user can't do what they want" or something similar. I tried to explain using sudo to them, but this seems beyond them. If I give them the root password it gets written onto a postit note on their monitor.</p></htmltext>
<tokenext>someone mod this person up now . I currently have a ticket open requiring the root password because " the user ca n't do what they want " or something similar .
I tried to explain using sudo to them , but this seems beyond them .
If I give them the root password it gets written onto a postit note on their monitor .</tokentext>
<sentencetext>someone mod this person up now. I currently have a ticket open requiring the root password because "the user can't do what they want" or something similar.
I tried to explain using sudo to them, but this seems beyond them.
If I give them the root password it gets written onto a postit note on their monitor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171306</id>
	<title>Re:Never really thought this needed changing</title>
	<author>digitalhermit</author>
	<datestamp>1258733700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I agree with you completely that requiring root or sudo access is a good thing but  the beauty of Unix and Linux is that I can install software without root privileges rather easily.  Whether I extract a tarball into a fakeroot directory in my home dir or specify the same with rpm (or an rpmmacros file), it's usually trivial to install packages. What's not so trivial is to change the configuration of the host system. And I agree with you completely that requiring root or sudo access is a good thing.</p><p>This means I can install my dev environment, scripts, etc.. But if I, say, install a torrent client then *on a properly configured system* I won't get it to work.  I.e., I have freedom to use the system without breaking anything. And that's a pretty good feeling knowing that I can't harm anything if I don't su to root.</p><p>Sure, there are exceptions, but for the most part I prefer the Unix way to the Microsoft way.</p></htmltext>
<tokenext>I agree with you completely that requiring root or sudo access is a good thing but the beauty of Unix and Linux is that I can install software without root privileges rather easily .
Whether I extract a tarball into a fakeroot directory in my home dir or specify the same with rpm ( or an rpmmacros file ) , it 's usually trivial to install packages .
What 's not so trivial is to change the configuration of the host system .
And I agree with you completely that requiring root or sudo access is a good thing . This means I can install my dev environment , scripts , etc.. But if I , say , install a torrent client then * on a properly configured system * I wo n't get it to work .
I.e. , I have freedom to use the system without breaking anything .
And that 's a pretty good feeling knowing that I ca n't harm anything if I do n't su to root . Sure , there are exceptions , but for the most part I prefer the Unix way to the Microsoft way .</tokentext>
<sentencetext>I agree with you completely that requiring root or sudo access is a good thing but  the beauty of Unix and Linux is that I can install software without root privileges rather easily.
Whether I extract a tarball into a fakeroot directory in my home dir or specify the same with rpm (or an rpmmacros file), it's usually trivial to install packages.
What's not so trivial is to change the configuration of the host system.
And I agree with you completely that requiring root or sudo access is a good thing. This means I can install my dev environment, scripts, etc.. But if I, say, install a torrent client then *on a properly configured system* I won't get it to work.
I.e., I have freedom to use the system without breaking anything.
And that's a pretty good feeling knowing that I can't harm anything if I don't su to root. Sure, there are exceptions, but for the most part I prefer the Unix way to the Microsoft way.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170638</id>
	<title>It's nothing new from them.</title>
	<author>Anonymous</author>
	<datestamp>1258730220000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>The Fedora and Red Hat camp has always been pretty clueless. That's probably why they're one of the most popular distros out there. They've done a great job at appealing to the morons and fucktards of the Linux community.</p><p>Had somebody within the Debian, Slackware, FreeBSD, NetBSD, OpenBSD, or OpenSolaris communities suggested what Fedora implemented, they would have been publicly humiliated and disgraced forever on mailing lists and newsgroups.</p><p>I can just imagine Theo tearing some idiot five or six new assholes just for even suggesting the idea, let alone actually doing it.</p></htmltext>
<tokenext>The Fedora and Red Hat camp has always been pretty clueless .
That 's probably why they 're one of the most popular distros out there .
They 've done a great job at appealing to the morons and fucktards of the Linux community . Had somebody within the Debian , Slackware , FreeBSD , NetBSD , OpenBSD , or OpenSolaris communities suggested what Fedora implemented , they would have been publicly humiliated and disgraced forever on mailing lists and newsgroups . I can just imagine Theo tearing some idiot five or six new assholes just for even suggesting the idea , let alone actually doing it .</tokentext>
<sentencetext>The Fedora and Red Hat camp has always been pretty clueless.
That's probably why they're one of the most popular distros out there.
They've done a great job at appealing to the morons and fucktards of the Linux community. Had somebody within the Debian, Slackware, FreeBSD, NetBSD, OpenBSD, or OpenSolaris communities suggested what Fedora implemented, they would have been publicly humiliated and disgraced forever on mailing lists and newsgroups. I can just imagine Theo tearing some idiot five or six new assholes just for even suggesting the idea, let alone actually doing it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177206</id>
	<title>Re:Never really thought this needed changing</title>
	<author>K.Bu</author>
	<datestamp>1258711500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>By the way, if you read the fedora bug mailing list, or if you were a security practitioner, you would know that nowadays, the<nobr> <wbr></nobr>/home/$Username is all the worm writers really care about. That and running an SMTP daemon, over port 1024 if need be.

Basically, the power for a normal unix user to run and install programs, even networked daemons, if only given a compiler is my biggest headache now...

I like to challenge Linux lovers, how do you prevent this in a non "I have all the time of the world in my parent's basement" way ?

SELINUX ? MAC security model ? Please I am speaking corporate security, US or fedex postal style, where $$$ is money

Sure thing I just love Linux for central servers without any user interactions. I keep killing Sun Solaris wherever I see it for Redhat

But Windows, with their "no freaking right to do anything" as a domain limited user, is still easier to secure than a Linux desktop (we tried Novell, what a freaking horrible mistake, only Germans loved it)

Speaking from a 300 000 people company strategic overview (1st European, 2nd in the world). Yep, it is Windows 7 versus Ubuntu decision strategic thinking time... Sure Windows XP is still the reference around here, Linux (ubuntu really) got a lot of stuff going for it, but security is not one of them as much as you could think</htmltext>
<tokenext>By the way , if you read the fedora bug mailing list , or if you were a security practitioner , you would know that nowadays , the /home/ $ Username is all the worm writers really care about .
That and running an SMTP daemon , over port 1024 if need be .
Basically , the power for a normal unix user to run and install programs , even networked daemons , if only given a compiler is my biggest headache now.. . I like to challenge Linux lovers , how do you prevent this in a non " I have all the time of the world in my parent 's basement " way ?
SELINUX ?
MAC security model ?
Please I am speaking corporate security , US or fedex postal style , where $ $ $ is money Sure thing I just love Linux for central servers without any user interactions .
I keep killing Sun Solaris wherever I see it for Redhat But Windows , with their " no freaking right to do anything " as a domain limited user , is still easier to secure than a Linux desktop ( we tried Novell , what a freaking horrible mistake , only Germans loved it ) Speaking from a 300 000 people company strategic overview ( 1st European , 2nd in the world ) .
Yep , it is Windows 7 versus Ubuntu decision strategic thinking time... Sure Windows XP is still the reference around here , Linux ( ubuntu really ) got a lot of stuff going for it , but security is not one of them as much as you could think</tokentext>
<sentencetext>By the way, if you read the fedora bug mailing list, or if you were a security practitioner, you would know that nowadays, the /home/$Username is all the worm writers really care about.
That and running an SMTP daemon, over port 1024 if need be.
Basically, the power for a normal unix user to run and install programs, even networked daemons, if only given a compiler is my biggest headache now...

I like to challenge Linux lovers, how do you prevent this in a non "I have all the time of the world in my parent's basement" way ?
SELINUX ?
MAC security model ?
Please I am speaking corporate security, US or fedex postal style, where $$$ is money

Sure thing I just love Linux for central servers without any user interactions.
I keep killing Sun Solaris wherever I see it for Redhat

But Windows, with their "no freaking right to do anything" as a domain limited user, is still easier to secure than a Linux desktop (we tried Novell, what a freaking horrible mistake, only Germans loved it)

Speaking from a 300 000 people company strategic overview (1st European, 2nd in the world).
Yep, it is Windows 7 versus Ubuntu decision strategic thinking time... Sure Windows XP is still the reference around here, Linux (ubuntu really) got a lot of stuff going for it, but security is not one of them as much as you could think</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806</id>
	<title>Outrageous</title>
	<author>Anonymous</author>
	<datestamp>1258731180000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>TROLL:<br>Allowing users to conveniently install signed/authorized packages/software. This is LINUX dammit if you're not jumping through hoops to get something done you are DOING IT WRONG!.</p><p>RANT:<br>Non-root users will destroy EVERYTHING that's why they must be frustrated for the sake of SECURITY. That white-listed signed software package must be personally allowed by the head of IT before installation can complete!</p><p>QUOTE:<br>If you give up freedom for security you deserve neither - Thomas Jefferson -</p><p>SENSIBLE RESPONSE:<br>Fedora caved in to a knee-jerk reaction. The compromise should have been allowing admins to white-list a subset of the signed packages that they want to allow all users unrestricted access to. The year of unnecessary security is upon us.</p></div>
	</htmltext>
<tokenext>TROLL : Allowing users to conveniently install signed/authorized packages/software . This is LINUX dammit if you 're not jumping through hoops to get something done you are DOING IT WRONG ! . RANT : Non-root users will destroy EVERYTHING that 's why they must be frustrated for the sake of SECURITY .
That white-listed signed software package must be personally allowed by the head of IT before installation can complete ! QUOTE : If you give up freedom for security you deserve neither - Thomas Jefferson - SENSIBLE RESPONSE : Fedora caved in to a knee-jerk reaction .
The compromise should have been allowing admins to white-list a subset of the signed packages that they want to allow all users unrestricted access to .
The year of unnecessary security is upon us .</tokentext>
<sentencetext>TROLL: Allowing users to conveniently install signed/authorized packages/software. This is LINUX dammit if you're not jumping through hoops to get something done you are DOING IT WRONG!. RANT: Non-root users will destroy EVERYTHING that's why they must be frustrated for the sake of SECURITY.
That white-listed signed software package must be personally allowed by the head of IT before installation can complete! QUOTE: If you give up freedom for security you deserve neither - Thomas Jefferson - SENSIBLE RESPONSE: Fedora caved in to a knee-jerk reaction.
The compromise should have been allowing admins to white-list a subset of the signed packages that they want to allow all users unrestricted access to.
The year of unnecessary security is upon us.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</id>
	<title>That was close...</title>
	<author>Jawn98685</author>
	<datestamp>1258729500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><nobr> <wbr></nobr></p><div class="quote"><p>...the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation.</p> </div><p>Wow. Thank goodness those guys "discovered" that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and "agreed" to lock it down. We might have had some serious problems there. (roll eyes)
<br>
WTF? How on gawds green earth did this happen in the first place?</p></div>
	</htmltext>
<tokenext>...the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation .
Wow. Thank goodness those guys " discovered " that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and " agreed " to lock it down .
We might have had some serious problems there .
( roll eyes ) WTF ?
How on gawds green earth did this happen in the first place ?</tokentext>
<sentencetext> ...the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation.
Wow. Thank goodness those guys "discovered" that allowing non-root users to do dangerous things to the OS/application stack was a bad idea and "agreed" to lock it down.
We might have had some serious problems there.
(roll eyes)

WTF?
How on gawds green earth did this happen in the first place?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30196556</id>
	<title>Re:Tempest in a teapot</title>
	<author>petrus4</author>
	<datestamp>1258886820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Instead you'd do CentOS 5 or Ubuntu LTS.</p></div><p>CentOS maybe, but instead of Ubuntu, a smart admin who doesn't want hardware problems in particular is going to use Arch.</p><p>Ubuntu is not stable.</p></div>
	</htmltext>
<tokenext>Instead you 'd do CentOS 5 or Ubuntu LTS . CentOS maybe , but instead of Ubuntu , a smart admin who does n't want hardware problems in particular is going to use Arch . Ubuntu is not stable .</tokentext>
<sentencetext>Instead you'd do CentOS 5 or Ubuntu LTS. CentOS maybe, but instead of Ubuntu, a smart admin who doesn't want hardware problems in particular is going to use Arch. Ubuntu is not stable.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171002</id>
	<title>Re:Attitude</title>
	<author>Anonymous</author>
	<datestamp>1258732140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I am glad that developers tried to justify their correctness.  It took some time to get to where we could see what we could agree upon.  We also have a better understanding of the desktop environment now.  Just one more necessary step towards world domination of desktop linux.</p></htmltext>
<tokenext>I am glad that developers tried to justify their correctness .
It took some time to get to where we could see what we could agree upon .
We also have a better understanding of the desktop environment now .
Just one more necessary step towards world domination of desktop linux .</tokentext>
<sentencetext>I am glad that developers tried to justify their correctness.
It took some time to get to where we could see what we could agree upon.
We also have a better understanding of the desktop environment now.
Just one more necessary step towards world domination of desktop linux.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175568</id>
	<title>Re:Tempest in a teapot</title>
	<author>jim_v2000</author>
	<datestamp>1258748880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Don't you be bringing the obvious logic into this discussion!</htmltext>
<tokenext>Do n't you be bringing the obvious logic into this discussion !</tokentext>
<sentencetext>Don't you be bringing the obvious logic into this discussion!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171132</id>
	<title>Re:Finally!</title>
	<author>Anonymous</author>
	<datestamp>1258732740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>I actually think the devs originally had it right to some degree. At least the problem they point out is real:</p><p>"From a more general perspective, the end effect of putting up a lot of<br>dialogs:</p><p>Root password [           ]<br>[  OK   ]</p><p>is that you are training users to blindly enter the root password and<br>hit OK, *not* something that enhances the overall security of the<br>system."</p><p>Most of the times I have fixed a worm infested windows machine of a friend it wasn't an exploit that was to blame but the person had installed it themselves. Devs have trained users to respond to a password box in the following way: Type in their password and press enter.</p><p>Now if my flatmates/friends were used to installing software from the official repos without being prompted for root then if they were prompted it would have some effect. Possibly make them give me a call first.</p></htmltext>
<tokenext>I actually think the devs originally had it right to some degree .
At least the problem they point out is real : " From a more general perspective , the end effect of putting up a lot ofdialogs : Root password [ ] [ OK ] is that you are training users to blindly enter the root password andhit OK , * not * something that enhances the overall security of thesystem .
" Most of the times I have fixed a worm infested windows machine of a friend it was n't an exploit that was to blame but the person had installed it themselves .
Devs have trained users to respond to a password box in the following way : Type in their password and press enter.Now if my flatmates/friends were used to installing software from the official repos without being prompted for root then if they were prompted it would have some effect .
Possibly make them give me a call first .</tokentext>
<sentencetext>I actually think the devs originally had it right to some degree.
At least the problem they point out is real:"From a more general perspective, the end effect of putting up a lot ofdialogs:Root password [           ][  OK   ]is that you are training users to blindly enter the root password andhit OK, *not* something that enhances the overall security of thesystem.
"Most of the times I have fixed a worm infested windows machine of a friend it wasn't an exploit that was to blame but the person had installed it themselves.
Devs have trained users to respond to a password box in the following way: Type in their password and press enter.Now if my flatmates/friends were used to installing software from the official repos without being prompted for root then if they were prompted it would have some effect.
Possibly make them give me a call first.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173738</id>
	<title>Re:And the announcement got it wrong</title>
	<author>MSG</author>
	<datestamp>1258743060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The announcement is correct.  PackageKit requires the root password, not the user's own, to add or update packages from the local console.</p></htmltext>
<tokenext>The announcement is correct .
PackageKit requires the root password , not the user 's own , to add or update packages from the local console .</tokentext>
<sentencetext>The announcement is correct.
PackageKit requires the root password, not the user's own, to add or update packages from the local console.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172506</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>mejogid</author>
	<datestamp>1258738680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Users have always had the ability to run apps in their home directory that *run with user privileges*.  As this stands, there's nothing to stop a script installing a daemon that runs as root with a known exploit and running that exploit.  If the application is within the user's home directory, there's no chance of it having privileges beyond that of the user in a properly configured system.</htmltext>
<tokenext>Users have always had the ability to run apps in their home directory that * run with user privileges * .
As this stands , there 's nothing to stop a script installing a daemon that runs as root with a known exploit and running that exploit .
If the application is within the user 's home directory , there 's no chance of it having privileges beyond that of the user in a properly configured system .</tokentext>
<sentencetext>Users have always had the ability to run apps in their home directory that *run with user privileges*.
As this stands, there's nothing to stop a script installing a daemon that runs as root with a known exploit and running that exploit.
If the application is within the user's home directory, there's no chance of it having privileges beyond that of the user in a properly configured system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826</id>
	<title>To quote Richard Hughes:</title>
	<author>Anonymous</author>
	<datestamp>1258731300000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>To quote Richard Hughes, the developer responsible for the braindeadness in the first place, and repeatedly trying to brag his competency of being a dickhead in the bugzilla(<a href="https://bugzilla.redhat.com/show_bug.cgi?id=534047" title="redhat.com" rel="nofollow">https://bugzilla.redhat.com/show_bug.cgi?id=534047</a> [redhat.com]).:</p><blockquote><div><p>Every time somebody writes "Linux is about choice" something inside of me dies. Just because something can be done, doesn&rsquo;t mean it should be done.</p></div></blockquote><p>Source: <a href="http://blogs.gnome.org/hughsie/2009/09/23/linux-is-about-choice/" title="gnome.org" rel="nofollow">http://blogs.gnome.org/hughsie/2009/09/23/linux-is-about-choice/</a> [gnome.org] </p><p>It seems that he interpreted his own words as "Just because you can do something, doesn&rsquo;t mean you should do it. But for me, I can fucking make whatever 'choice' and screw everybody else. Bwahahaha!"</p><p>And his recent rants:</p><blockquote><div><p>And so, long story short, we decided to revert the change for F12.</p><p>Part of being an open source maintainer (and also my job at Red Hat) is to ignore trolls, but some of the messages I was getting yesterday were just personal attacks and abuse. That&rsquo;s not cricket at all.</p></div> </blockquote><p>(Source: <a href="http://blogs.gnome.org/hughsie/2009/11/20/the-fedora-12-installing-saga/" title="gnome.org" rel="nofollow">http://blogs.gnome.org/hughsie/2009/11/20/the-fedora-12-installing-saga/</a> [gnome.org])</p><p>But he was the one who was being a troll first. Quotes from the bugzilla:</p><ul>
<li>"It's not insecure. We've had the mechanism checked. The default policy may not be to your taste, but this is the "desktop" spin, not the "server" spin.
" (btw, the two "spins" don't actually exist. --ed)</li><li>"There's nothing to discuss here."</li><li>"You either trust the Fedora repos or you don't."</li><li>"I don't particularly care how UNIX has always worked."</li><li>"You missed the "in my opinion" line in your reply."</li><li>"There are other, *easier*, ways of rooting the system.
"</li></ul><p>Now, I'm wondering how on earth did someone get a job for being a devtroll. Red Hat pays him to develop, but trolling the bugzilla? I don't remember anyone "attacking him personally" on the bugzilla. I wasn't following the mailing lists though.</p><p>And he now seemed hurt because the users actually bothered to donate their own time correcting his mistake.</p><p>Grow up.</p></div>
	</htmltext>
<tokenext>To quote Richard Hughes , the developer responsible for the braindeadness in the first place , and repeatedly trying to brag his competency of being a dickhead in the bugzilla ( https : //bugzilla.redhat.com/show_bug.cgi ? id = 534047 [ redhat.com ] ) .
: Every time somebody writes " Linux is about choice " something inside of me dies .
Just because something can be done , doesn’t mean it should be done.Source : http : //blogs.gnome.org/hughsie/2009/09/23/linux-is-about-choice/ [ gnome.org ] It seems that he interpreted his own words as " Just because you can do something , doesn’t mean you should do it .
But for me , I can fucking make whatever 'choice ' and screw everybody else .
Bwahahaha ! " And his recent rants : And so , long story short , we decided to revert the change for F12.Part of being an open source maintainer ( and also my job at Red Hat ) is to ignore trolls , but some of the messages I was getting yesterday were just personal attacks and abuse .
That’s not cricket at all .
( Source : http : //blogs.gnome.org/hughsie/2009/11/20/the-fedora-12-installing-saga/ [ gnome.org ] ) But he was the one who was being a troll first .
Quotes from the bugzilla : " It 's not insecure .
We 've had the mechanism checked .
The default policy may not be to your taste , but this is the " desktop " spin , not the " server " spin .
" ( btw , the two " spins " do n't actually exist .
--ed ) " There 's nothing to discuss here .
" " You either trust the Fedora repos or you do n't .
" " I do n't particularly care how UNIX has always worked .
" " You missed the " in my opinion " line in your reply .
" " There are other , * easier * , ways of rooting the system .
" Now , I 'm wondering how on earth did someone get a job for being a devtroll .
Red Hat pays him to develop , but trolling the bugzilla ?
I do n't remember anyone " attacking him personally " on the bugzilla .
I was n't following the mailing lists though.And he now seemed hurt because the users actually bothered to donate their own time correcting his mistake.Grow up .</tokentext>
<sentencetext>To quote Richard Hughes, the developer responsible for the braindeadness in the first place, and repeatedly trying to brag his competency of being a dickhead in the bugzilla(https://bugzilla.redhat.com/show_bug.cgi?id=534047 [redhat.com]).
:Every time somebody writes "Linux is about choice" something inside of me dies.
Just because something can be done, doesn’t mean it should be done.Source: http://blogs.gnome.org/hughsie/2009/09/23/linux-is-about-choice/ [gnome.org] It seems that he interpreted his own words as "Just because you can do something, doesn’t mean you should do it.
But for me, I can fucking make whatever 'choice' and screw everybody else.
Bwahahaha!"And his recent rants:And so, long story short, we decided to revert the change for F12.Part of being an open source maintainer (and also my job at Red Hat) is to ignore trolls, but some of the messages I was getting yesterday were just personal attacks and abuse.
That’s not cricket at all.
(Source: http://blogs.gnome.org/hughsie/2009/11/20/the-fedora-12-installing-saga/ [gnome.org])But he was the one who was being a troll first.
Quotes from the bugzilla:
"It's not insecure.
We've had the mechanism checked.
The default policy may not be to your taste, but this is the "desktop" spin, not the "server" spin.
" (btw, the two "spins" don't actually exist.
--ed)"There's nothing to discuss here.
""You either trust the Fedora repos or you don't.
""I don't particularly care how UNIX has always worked.
""You missed the "in my opinion" line in your reply.
""There are other, *easier*, ways of rooting the system.
"Now, I'm wondering how on earth did someone get a job for being a devtroll.
Red Hat pays him to develop, but trolling the bugzilla?
I don't remember anyone "attacking him personally" on the bugzilla.
I wasn't following the mailing lists though.And he now seemed hurt because the users actually bothered to donate their own time correcting his mistake.Grow up.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172368</id>
	<title>Re:Outrageous</title>
	<author>AdamWill</author>
	<datestamp>1258738140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"The compromise should of been allowing admin's to white-list a subset of the signed packages that they want to allow all users unrestricted access to."</p><p>if the admin's going to go to all the trouble of whitelisting a subset of signed packages, why not just...install them? It's not like disk space is expensive. Also, I don't know a lot of admins who would welcome the prospect of trying to evaluate a list of around 10,000 packages as a great way to spend their weekend...</p></htmltext>
<tokenext>" The compromise should of been allowing admin 's to white-list a subset of the signed packages that they want to allow all users unrestricted access to .
" if the admin 's going to go to all the trouble of whitelisting a subset of signed packages , why not just...install them ?
It 's not like disk space is expensive .
Also , I do n't know a lot of admins who would welcome the prospect of trying to evaluate a list of around 10,000 packages as a great way to spend their weekend.. .</tokentext>
<sentencetext>"The compromise should of been allowing admin's to white-list a subset of the signed packages that they want to allow all users unrestricted access to.
"if the admin's going to go to all the trouble of whitelisting a subset of signed packages, why not just...install them?
It's not like disk space is expensive.
Also, I don't know a lot of admins who would welcome the prospect of trying to evaluate a list of around 10,000 packages as a great way to spend their weekend...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606</id>
	<title>Re:Finally!</title>
	<author>Anonymous</author>
	<datestamp>1258729980000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext>I mean come on!<br>
It took like a whole 24hrs from when a story was posted on slashdot.<br>
What are they Microsoft?<br>
Bunch of dirty hippie linux slackers</htmltext>
<tokenext>I mean come on !
It took like a whole 24hrs from when a story was posted on slashdot .
What are they Microsoft ?
Bunch of dirty hippie linux slackers</tokentext>
<sentencetext>I mean come on!
It took like a whole 24hrs from when a story was posted on slashdot.
What are they Microsoft?
Bunch of dirty hippie linux slackers</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173368</id>
	<title>Re:To quote Richard Hughes:</title>
	<author>Luke has no name</author>
	<datestamp>1258741560000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>    * "It's not insecure. We've had the mechanism checked. The default policy may not be to your taste, but this is the "desktop" spin, not the "server" spin. " (Fedora = Desktop, RHEL/CentOS = Server)<br>
&nbsp; &nbsp; &nbsp; &nbsp; * "You either trust the Fedora repos or you don't." (This is true. Either you trust Fedoraproject to keep malicious packages out of the repos, or you do not. Therefore, a trust of the default repos wouldn't be so bad)<br>
&nbsp; &nbsp; &nbsp; &nbsp; * "I don't particularly care how UNIX has always worked." (A little bit of a troll, but Linux has no qualms showing that they deviate from Unix (LSB, for example.)<br>
&nbsp; &nbsp; &nbsp; &nbsp; * "You missed the "in my opinion" line in your reply." (Troll)<br>
&nbsp; &nbsp; &nbsp; &nbsp; * "There are other, *easier*, ways of rooting the system. " (true)</p><p>He has some valid points. I thought the idea was a good one, but I suppose I'm in the minority.</p></htmltext>
<tokenext>* " It 's not insecure .
We 've had the mechanism checked .
The default policy may not be to your taste , but this is the " desktop " spin , not the " server " spin .
" ( Fedora = Desktop , RHEL/CentOS = Server )         * " You either trust the Fedora repos or you do n't .
" ( This is true .
Either you trust Fedoraproject to keep malicious packages out of the repos , or you do not .
Therefore , a trust of the default repos would n't be so bad )         * " I do n't particularly care how UNIX has always worked .
" ( A little bit of a troll , but Linux has no qualms showing that they deviate from Unix ( LSB , for example .
)         * " You missed the " in my opinion " line in your reply .
" ( Troll )         * " There are other , * easier * , ways of rooting the system .
" ( true ) He has some valid points .
I thought the idea was a good one , but I suppose I 'm in the minority .</tokentext>
<sentencetext>    * "It's not insecure.
We've had the mechanism checked.
The default policy may not be to your taste, but this is the "desktop" spin, not the "server" spin.
" (Fedora = Desktop, RHEL/CentOS = Server)
        * "You either trust the Fedora repos or you don't.
" (This is true.
Either you trust Fedoraproject to keep malicious packages out of the repos, or you do not.
Therefore, a trust of the default repos wouldn't be so bad)
        * "I don't particularly care how UNIX has always worked.
" (A little bit of a troll, but Linux has no qualms showing that they deviate from Unix (LSB, for example.
)
        * "You missed the "in my opinion" line in your reply.
" (Troll)
        * "There are other, *easier*, ways of rooting the system.
" (true)He has some valid points.
I thought the idea was a good one, but I suppose I'm in the minority.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174106</id>
	<title>Re:Outrageous</title>
	<author>nametaken</author>
	<datestamp>1258744260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Wow, that about covers it.  WAY TO GO BUDDY... now I have to go back to work.</p></htmltext>
<tokenext>Wow , that about covers it .
WAY TO GO BUDDY... now I have to go back to work .</tokentext>
<sentencetext>Wow, that about covers it.
WAY TO GO BUDDY... now I have to go back to work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</id>
	<title>Attitude</title>
	<author>Anonymous</author>
	<datestamp>1258729380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users.  I feel the trust relationship is kinda broken ... but at least they finally came around and listened.</htmltext>
<tokenext>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness , despite the huge backlash from users .
I feel the trust relationship is kinda broken ... but at least they finally came around and listened .</tokentext>
<sentencetext>What really got me about this one was the attitude some developers had ... constantly trying to justify their correctness, despite the huge backlash from users.
I feel the trust relationship is kinda broken ... but at least they finally came around and listened.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178</id>
	<title>Re:Attitude</title>
	<author>jim_v2000</author>
	<datestamp>1258747680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Well, the developers were right and sadly had to put up with the security paranoia crowd.  If you RTFA, you'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something, after awhile you just get in the habit of typing in your password whenever that little window pops up.  Their idea was that if password prompts are much more rare, you're more likely to pay attention.
<br> <br>
The whole "OMG THE USERS WILL HAX0R THE MACHINES" argument is utter nonsense.  If you're managing a machine for multiple users, then you should be savvy enough to disable the no password installs.</htmltext>
<tokenext>Well , the developers were right and sadly had to put up with the security paranoia crowd .
If you RTFA , you 'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something , after awhile you just get in the habit of typing in your password whenever that little window pops up .
Their idea was that if password prompts are much more rare , you 're more likely to pay attention .
The whole " OMG THE USERS WILL HAX0R THE MACHINES " argument is utter nonsense .
If you 're managing a machine for multiple users , then you should be savvy enough to disable the no password installs .</tokentext>
<sentencetext>Well, the developers were right and sadly had to put up with the security paranoia crowd.
If you RTFA, you'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something, after awhile you just get in the habit of typing in your password whenever that little window pops up.
Their idea was that if password prompts are much more rare, you're more likely to pay attention.
The whole "OMG THE USERS WILL HAX0R THE MACHINES" argument is utter nonsense.
If you're managing a machine for multiple users, then you should be savvy enough to disable the no password installs.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30181762</id>
	<title>Re:Attitude</title>
	<author>ByOhTek</author>
	<datestamp>1258736580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What part of my comment suggested a Windows 95 security mentality? The last line summed it up:</p><blockquote><div><p>At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".</p></div></blockquote><p>Are you cognitively incompetent, or just a troll?</p></div>
	</htmltext>
<tokenext>What part of my comment suggested a Windows 95 security mentality ?
The last line summed it up : At that point , it 's basically saying " do n't require a password for sudo when installing a package trusted by trusted authority 'xyz ' " .Are you cognitively incompetent , or just a troll ?</tokentext>
<sentencetext>What part of my comment suggested a Windows 95 security mentality?
The last line summed it up:At that point, it's basically saying "don't require a password for sudo when installing a package trusted by trusted authority 'xyz'".Are you cognitively incompetent, or just a troll?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174764</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171742</id>
	<title>Re:Non-controversial</title>
	<author>taoye</author>
	<datestamp>1258735680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What? My dog was installing packages on my computer? No wonder... I didn't think I forgot *that* much about last night to forget where this install of "Poodles Gone Wild" came from.</htmltext>
<tokenext>What ?
My dog was installing packages on my computer ?
No wonder... I did n't think I forgot * that * much about last night to forget where this install of " Poodles Gone Wild " came from .</tokentext>
<sentencetext>What?
My dog was installing packages on my computer?
No wonder... I didn't think I forgot *that* much about last night to forget where this install of "Poodles Gone Wild" came from.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174844</id>
	<title>Re:Never really thought this needed changing</title>
	<author>IntlHarvester</author>
	<datestamp>1258746660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Non-root users can't install in Windows either.</p></div><p>This isn't true, Windows software can be copied to your user directory and run with no elevation prompt. (Google Chrome installs this way for example). You can easily test this by putting an EXE on your desktop.</p><p>The real issue is that the multi-user Admin versus User security dichotomy falls apart when the user is also the system's administrator. If you have a system where end users can install software, you can't prevent them from installing malware.</p></div>
	</htmltext>
<tokenext>Non-root users ca n't install in Windows either.This is n't true , Windows software can be copied to your user directory and run with no elevation prompt .
( Google Chrome installs this way for example ) .
You can easily test this by putting an EXE on your desktop.The real issue is that the multi-user Admin versus User security dichotomy falls apart when the user is also the system 's administrator .
If you have a system where end users can install software , you ca n't prevent them from installing malware .</tokentext>
<sentencetext>Non-root users can't install in Windows either.This isn't true, Windows software can be copied to your user directory and run with no elevation prompt.
(Google Chrome installs this way for example).
You can easily test this by putting an EXE on your desktop.The real issue is that the multi-user Admin versus User security dichotomy falls apart when the user is also the system's administrator.
If you have a system where end users can install software, you can't prevent them from installing malware.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171216</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30198248</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>quantaman</author>
	<datestamp>1258900320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Not entirely.</p><p>Depending on the application, and the user, there are a lot of advantages in using applications managed by packaged.</p><p>And while some packages can be easily installed in the user's home directly, others do require / as an install base.</p></htmltext>
<tokenext>Not entirely.Depending on the application , and the user , there are a lot of advantages in using applications managed by packaged.And while some packages can be easily installed in the user 's home directly , others do require / as an install base .</tokentext>
<sentencetext>Not entirely.Depending on the application, and the user, there are a lot of advantages in using applications managed by packaged.And while some packages can be easily installed in the user's home directly, others do require / as an install base.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30182868</id>
	<title>Re:Finally!</title>
	<author>nickysn</author>
	<datestamp>1258797240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>But the update will be very easy to install - no need to even enter the root password :)</htmltext>
<tokenext>But the update will be very easy to install - no need to even enter the root password : )</tokentext>
<sentencetext>But the update will be very easy to install - no need to even enter the root password :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30253528</id>
	<title>Read through the bug report...</title>
	<author>Logic Worshipper</author>
	<datestamp>1259407620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And it was worth reading through all comments on the bug report for this...</p><blockquote><div><p>Comment #224 From  Andrew Gormanly:<br>It's a bug in the thought process of the maintainers, which shows up a bug in the security processes of the distro.</p></div></blockquote><p>How perfectly eloquent.</p></div>
	</htmltext>
<tokenext>And it was worth reading through all comments on the bug report for this...Comment # 224 From Andrew Gormanly : It 's a bug in the thought process of the maintainers , which shows up a bug in the security processes of the distro.How perfectly eloquent .</tokentext>
<sentencetext>And it was worth reading through all comments on the bug report for this...Comment #224 From  Andrew Gormanly:It's a bug in the thought process of the maintainers, which shows up a bug in the security processes of the distro.How perfectly eloquent.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171204</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>fnj</author>
	<datestamp>1258733220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have one word for software which can be installed without root privilege:</p><p>ActiveX</p></htmltext>
<tokenext>I have one word for software which can be installed without root privilege : ActiveX</tokentext>
<sentencetext>I have one word for software which can be installed without root privilege: ActiveX</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396</id>
	<title>Finally!</title>
	<author>Rantastic</author>
	<datestamp>1258728780000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>It's about time they fixed that.</htmltext>
<tokenext>It 's about time they fixed that .</tokentext>
<sentencetext>It's about time they fixed that.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171396</id>
	<title>only temporary</title>
	<author>Anonymous</author>
	<datestamp>1258734120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It looks like they plan on changing it back for upcoming releases.   Tehehehe!  Get out your flame throwers!</p><p><div class="quote"><p>The idea was that the change in PolicyKit would be accompanied by a<br>default set of roles, and a nice user interface for assigning users to<br>roles. Unfortunately, with the constraints of time, it became clear that<br>this all (and especially the GUI) wasn't going to be there for Fedora<br>12. So, PackageKit needed a fixed policy for all users. For each action<br>(install signed packages, install unsigned packages, remove packages,<br>etc.), it needed to allow, deny, or ask for the root password.</p></div><p>and</p><p><div class="quote"><p>In upcoming Fedora releases, we expect to finish both the default set of<br>policy roles and the user interface components to provide the full<br>experience that was originally planned.</p></div><p>So redhat still plans on making this change.  They are just waiting till they implement the GUI to easily change a user's role.</p>
	</htmltext>
<tokenext>It looks like they plan on changing it back for upcoming releases .
Tehehehe ! Get out your flame throwers ! The idea was that the change in PolicyKit would be accompanied by a default set of roles , and a nice user interface for assigning users to roles .
Unfortunately , with the constraints of time , it became clear that this all ( and especially the GUI ) was n't going to be there for Fedora 12 .
So , PackageKit needed a fixed policy for all users .
For each action ( install signed packages , install unsigned packages , remove packages , etc .
) , it needed to allow , deny , or ask for the root password . and In upcoming Fedora releases , we expect to finish both the default set of policy roles and the user interface components to provide the full experience that was originally planned . So redhat still plans on making this change .
They are just waiting till they implement the GUI to easily change a user 's role .</tokentext>
<sentencetext>It looks like they plan on changing it back for upcoming releases.
Tehehehe!  Get out your flame throwers! The idea was that the change in PolicyKit would be accompanied by a default set of roles, and a nice user interface for assigning users to roles.
Unfortunately, with the constraints of time, it became clear that this all (and especially the GUI) wasn't going to be there for Fedora 12.
So, PackageKit needed a fixed policy for all users.
For each action (install signed packages, install unsigned packages, remove packages, etc.
), it needed to allow, deny, or ask for the root password. and In upcoming Fedora releases, we expect to finish both the default set of policy roles and the user interface components to provide the full experience that was originally planned. So redhat still plans on making this change.
They are just waiting till they implement the GUI to easily change a user's role.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170700</id>
	<title>KPackageKit</title>
	<author>Rik Sweeney</author>
	<datestamp>1258730640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have a similar complaint about KPackageKit. You can optionally choose to make it store your password so that you don't have to type it in when you next install or update packages. That's fair enough, if you trust that no one is going to install anything dodgy then that's OK. What I do take issue with is that this box is checked by default.</p><p>Granted I imagine most people might simply click this anyway but am I the only one who thinks this is a bit of an oversight?</p></htmltext>
<tokenext>I have a similar complaint about KPackageKit .
You can optionally choose to make it store your password so that you do n't have to type it in when you next install or update packages .
That 's fair enough , if you trust that no one is going to install anything dodgy then that 's OK. What I do take issue with is that this box is checked by default . Granted I imagine most people might simply click this anyway but am I the only one who thinks this is a bit of an oversight ?</tokentext>
<sentencetext>I have a similar complaint about KPackageKit.
You can optionally choose to make it store your password so that you don't have to type it in when you next install or update packages.
That's fair enough, if you trust that no one is going to install anything dodgy then that's OK. What I do take issue with is that this box is checked by default. Granted I imagine most people might simply click this anyway but am I the only one who thinks this is a bit of an oversight?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175518</id>
	<title>Re:And the announcement got it wrong</title>
	<author>mattdm</author>
	<datestamp>1258748700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>This is, of course, wrong. Such local installations are normally done with "sudo", which does not require root passwords.</p></div><p>No. PackageKit will still use PolicyKit. The change is that it will now require "auth_admin", which does indeed require the input of the root password. (This is like sudo configured with the rootpw flag in sudoers.)</p><p>It would also be possible to configure PolicyKit to require "auth_self" (or auth_self_keep, which remembers that you authenticated for a few minutes), which would provide sudo-like behavior. But that wasn't done.</p><p>So the announcement is right.</p><p>Arguably, the current (i.e., old again) behavior isn't right and a sudo-like setup should be the default -- but that's a FutureFeature.</p>
	</htmltext>
<tokenext>This is , of course , wrong .
Such local installations are normally done with " sudo " , which does not require root passwords . No .
PackageKit will still use PolicyKit .
The change is that it will now require " auth_admin " , which does indeed require the input of the root password .
( This is like sudo configured with the rootpw flag in sudoers .
) It would also be possible to configure PolicyKit to require " auth_self " ( or auth_self_keep , which remembers that you authenticated for a few minutes ) , which would provide sudo-like behavior .
But that was n't done . So the announcement is right . Arguably , the current ( i.e. , old again ) behavior is n't right and a sudo-like setup should be the default -- but that 's a FutureFeature .</tokentext>
<sentencetext>This is, of course, wrong.
Such local installations are normally done with "sudo", which does not require root passwords. No.
PackageKit will still use PolicyKit.
The change is that it will now require "auth_admin", which does indeed require the input of the root password.
(This is like sudo configured with the rootpw flag in sudoers.
) It would also be possible to configure PolicyKit to require "auth_self" (or auth_self_keep, which remembers that you authenticated for a few minutes), which would provide sudo-like behavior.
But that wasn't done. So the announcement is right. Arguably, the current (i.e., old again) behavior isn't right and a sudo-like setup should be the default -- but that's a FutureFeature.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170604</id>
	<title>Even more controversial is the....</title>
	<author>gatkinso</author>
	<datestamp>1258729980000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext><p>....photo on www.fedora.org.</p><p>Poor little wiener dog.</p><p>I used to like to go there to see the odd pics, but haven't been in a while.</p></htmltext>
<tokenext>....photo on www.fedora.org . Poor little wiener dog . I used to like to go there to see the odd pics , but have n't been in a while .</tokentext>
<sentencetext>....photo on www.fedora.org. Poor little wiener dog. I used to like to go there to see the odd pics, but haven't been in a while.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177612</id>
	<title>Re:Attitude</title>
	<author>K.Bu</author>
	<datestamp>1258712760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What really scared me is that such an insanity, and disrespectful change to the 40+ years old Unix security model still made it into production release of the main community effort of the 1st worldwide Linux vendor !!!

Ouch, what a reputation backlash...

A great way to feed microserfs with arguments against Linux, in a 300 000 desktop switching war, I expect to hear from it tomorrow. Linux more insecure than Active Directory limited user accounts....

Thanks great "would be god" damned developer

Where technical details are irrelevant, and corporate politics is paramount, you sure fucked up a big way... Crappy DevBoy</htmltext>
<tokenext>What really scared me is that such an insanity , and disrespectful change to the 40 + years old Unix security model still made it into production release of the main community effort of the 1st worldwide Linux vendor ! ! !
Ouch , what a reputation backlash.. . A great way to feed microserfs with arguments against Linux , in a 300 000 desktop switching war , I expect to hear from it tomorrow .
Linux more insecure than Active Directory limited user accounts... . Thanks great " would be god " damned developer Where technical details are irrelevant , and corporate politics is paramount , you sure fucked up a big way... Crappy DevBoy</tokentext>
<sentencetext>What really scared me is that such an insanity, and disrespectful change to the 40+ years old Unix security model still made it into production release of the main community effort of the 1st worldwide Linux vendor !!!
Ouch, what a reputation backlash...

A great way to feed microserfs with arguments against Linux, in a 300 000 desktop switching war, I expect to hear from it tomorrow.
Linux more insecure than Active Directory limited user accounts....

Thanks great "would be god" damned developer

Where technical details are irrelevant, and corporate politics is paramount, you sure fucked up a big way... Crappy DevBoy</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175708</id>
	<title>Re:Dunno man, but</title>
	<author>jim_v2000</author>
	<datestamp>1258749300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>&gt;An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.
<br> <br>
Because there should never be any discussion and the security nazis are always right (even when they're wrong and trying to apply server/workstation security concepts out of context).</htmltext>
<tokenext>&gt; An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution .
Because there should never be any discussion and the security nazis are always right ( even when they 're wrong and trying to apply server/workstation security concepts out of context ) .</tokentext>
<sentencetext>&gt;An idea this bad should have been squashed 5 minutes after it was proposed instead of being allowed to actually make it into a released distribution.
Because there should never be any discussion and the security nazis are always right (even when they're wrong and trying to apply server/workstation security concepts out of context).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173732</id>
	<title>Re:And the announcement got it wrong</title>
	<author>Peter H.S.</author>
	<datestamp>1258743000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>This is, of course, wrong. Such local installations are normally done with "sudo", which does not require root passwords.</i></p><p>kpackagekit is for those who don't install software from the command prompt but prefer a "click-and-drool" interface, so 'sudo' isn't an option.<br>Besides that, 'sudo' has a very coarse security model, you can either install all kinds of software with 'sudo yum/apt/rpm etc' or nothing at all. kpackagekit allows for a much finer and more secure model, like only allowing the user to install signed packages from approved repos when logged in from a local console which can be a good security compromise for some user cases.</p><p>--<br>Regards</p></htmltext>
<tokenext>This is , of course , wrong .
Such local installations are normally done with " sudo " , which does not require root passwords . kpackagekit is for those who do n't install software from the command prompt but prefer a " click-and-drool " interface , so 'sudo ' is n't an option . Besides that , 'sudo ' has a very coarse security model , you can either install all kinds of software with 'sudo yum/apt/rpm etc ' or nothing at all .
kpackagekit allows for a much finer and more secure model , like only allowing the user to install signed packages from approved repos when logged in from a local console which can be a good security compromise for some user cases . -- Regards</tokentext>
<sentencetext>This is, of course, wrong.
Such local installations are normally done with "sudo", which does not require root passwords. kpackagekit is for those who don't install software from the command prompt but prefer a "click-and-drool" interface, so 'sudo' isn't an option. Besides that, 'sudo' has a very coarse security model, you can either install all kinds of software with 'sudo yum/apt/rpm etc' or nothing at all.
kpackagekit allows for a much finer and more secure model, like only allowing the user to install signed packages from approved repos when logged in from a local console which can be a good security compromise for some user cases. -- Regards</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170938</id>
	<title>Placeholder post for obscure and obtuse comments..</title>
	<author>Anonymous</author>
	<datestamp>1258731840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>...on a topic that nobody outside of the Linux "community" will care about. Please use a minimum of 1000 words to:

1) Nitpick any or all talking points discussed in TFA to the nth degree.
2) Illustrate your Linux expertise by telling us how it is better than other OS's by providing an example of how you took a task that took 2 hours to do in Windows down to just 20 minutes in Linux.</htmltext>
<tokenext>...on a topic that nobody outside of the Linux " community " will care about .
Please use a minimum of 1000 words to : 1 ) Nitpick any or all talking points discussed in TFA to the nth degree .
2 ) Illustrate your Linux expertise by telling us how it is better than other OS 's by providing an example of how you took a task that took 2 hours to do in Windows down to just 20 minutes in Linux .</tokentext>
<sentencetext>...on a topic that nobody outside of the Linux "community" will care about.
Please use a minimum of 1000 words to:

1) Nitpick any or all talking points discussed in TFA to the nth degree.
2) Illustrate your Linux expertise by telling us how it is better than other OS's by providing an example of how you took a task that took 2 hours to do in Windows down to just 20 minutes in Linux.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170716</id>
	<title>Re:That was close...</title>
	<author>Anonymous</author>
	<datestamp>1258730700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>"Many eyes" missed it.</htmltext>
<tokenext>" Many eyes " missed it .</tokentext>
<sentencetext>"Many eyes" missed it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173078</id>
	<title>Re:only temporary</title>
	<author>TheCycoONE</author>
	<datestamp>1258740480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Good, particularly if it defaults to requiring the root password.</p><p>For those that don't know, Fedora 11 already had an interface where administrators can change whether numerous other actions require a root password (and whether it requires it every time or just the first time.)</p><p>Extending that to include installing signed packages gives the administrator of a system the ability to choose for their system whether they trust users to install packages without contest or not.</p><p>I think the only problem with F12 was that they turned the feature to the less secure option by default.  It didn't help that the interface for changing it was relatively hidden.</p></htmltext>
<tokenext>Good , particularly if it defaults to requiring the root password . For those that do n't know , Fedora 11 already had an interface where administrators can change whether numerous other actions require a root password ( and whether it requires it every time or just the first time .
) Extending that to include installing signed packages gives the administrator of a system the ability to choose for their system whether they trust users to install packages without contest or not . I think the only problem with F12 was that they turned the feature to the less secure option by default .
It did n't help that the interface for changing it was relatively hidden .</tokentext>
<sentencetext>Good, particularly if it defaults to requiring the root password. For those that don't know, Fedora 11 already had an interface where administrators can change whether numerous other actions require a root password (and whether it requires it every time or just the first time.
) Extending that to include installing signed packages gives the administrator of a system the ability to choose for their system whether they trust users to install packages without contest or not. I think the only problem with F12 was that they turned the feature to the less secure option by default.
It didn't help that the interface for changing it was relatively hidden.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171396</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177716</id>
	<title>Re:At the risk of being flamed to hell</title>
	<author>K.Bu</author>
	<datestamp>1258713180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>You simply don't need to pollute the system files in order to "install an app" on Unix. That is one of its key strengths.
</i>
<br>

You misspelled "weakness" somewhere around the end of your sentence.
<br>
Informatics is no more a tool made for smart people, but mass of idiots, with an evil smartass among them...</htmltext>
<tokenext>You simply do n't need to pollute the system files in order to " install an app " on Unix .
That is one of its key strengths .
You misspelled " weakness " somewhere around the end of your sentence .
Informatics is no more a tool made for smart people , but mass of idiots , with an evil smartass among them.. .</tokentext>
<sentencetext>You simply don't need to pollute the system files in order to "install an app" on Unix.
That is one of its key strengths.
You misspelled "weakness" somewhere around the end of your sentence.
Informatics is no more a tool made for smart people, but mass of idiots, with an evil smartass among them...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177784</id>
	<title>Re:Attitude</title>
	<author>J.Y.Kelly</author>
	<datestamp>1258713420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>If you RTFA, you'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something, after awhile you just get in the habit of typing in your password whenever that little window pops up.</p></div>
</blockquote><p>
Actually the reason for this is that there is a more fundamental rewrite of the DeviceKit and PackageKit systems in Fedora underway which will eventually allow more flexible allocation of system admin privileges to different classes of user.  This is a good thing.
</p><p>
However - when F12 was released this rewrite was only partially complete.  The backend systems were pretty much all in place but the front end which allows the editing of rules and the assignment of roles had not been written.  Fedora was therefore shipped with a default set of rules.
</p><p>
Under the new system the previous behaviour of asking for the root password, but allowing the option to not be asked for it again in future had been removed (for fear of creating a 'make it up as you go along' security policy).  The decision therefore had to be made to either allow console (not remote) users to install signed packages with no authentication required, or to require the root password for every install.  The developers chose the first option.  This has now been changed to the second option.
</p><p>
I'm kind of ambivalent about the light this sheds on Fedora.  It's a bad thing to have happened, but it was sorted out quickly and there is now much discussion about setting up a firmer security policy so this won't happen again.  Mistakes happen, but as long as they are spotted and corrected then we should all just move along.
</p>
	</htmltext>
<tokenext>If you RTFA , you 'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something , after awhile you just get in the habit of typing in your password whenever that little window pops up .
Actually the reason for this is that there is a more fundamental rewrite of the DeviceKit and PackageKit systems in Fedora underway which will eventually allow more flexible allocation of system admin privileges to different classes of user .
This is a good thing .
However - when F12 was released this rewrite was only partially complete .
The backend systems were pretty much all in place but the front end which allows the editing of rules and the assignment of roles had not been written .
Fedora was therefore shipped with a default set of rules .
Under the new system the previous behaviour of asking for the root password , but allowing the option to not be asked for it again in future had been removed ( for fear of creating a 'make it up as you go along ' security policy ) .
The decision therefore had to be made to either allow console ( not remote ) users to install signed packages with no authentication required , or to require the root password for every install .
The developers chose the first option .
This has now been changed to the second option .
I 'm kind of ambivalent about the light this sheds on Fedora .
It 's a bad thing to have happened , but it was sorted out quickly and there is now much discussion about setting up a firmer security policy so this wo n't happen again .
Mistakes happen , but as long as they are spotted and corrected then we should all just move along .</tokentext>
<sentencetext>If you RTFA, you'll see that the reason that they wanted to do the no password for signed packages was because if you always have to type in your password to install something, after awhile you just get in the habit of typing in your password whenever that little window pops up.
Actually the reason for this is that there is a more fundamental rewrite of the DeviceKit and PackageKit systems in Fedora underway which will eventually allow more flexible allocation of system admin privileges to different classes of user.
This is a good thing.
However - when F12 was released this rewrite was only partially complete.
The backend systems were pretty much all in place but the front end which allows the editing of rules and the assignment of roles had not been written.
Fedora was therefore shipped with a default set of rules.
Under the new system the previous behaviour of asking for the root password, but allowing the option to not be asked for it again in future had been removed (for fear of creating a 'make it up as you go along' security policy).
The decision therefore had to be made to either allow console (not remote) users to install signed packages with no authentication required, or to require the root password for every install.
The developers chose the first option.
This has now been changed to the second option.
I'm kind of ambivalent about the light this sheds on Fedora.
It's a bad thing to have happened, but it was sorted out quickly and there is now much discussion about setting up a firmer security policy so this won't happen again.
Mistakes happen, but as long as they are spotted and corrected then we should all just move along.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172384
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171028
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171442
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30198248
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177784
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170666
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172368
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171204
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174844
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171216
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171960
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30182868
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171306
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173848
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174034
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171520
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177206
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173134
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173718
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171248
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175674
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172302
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30179280
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173738
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175338
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30180130
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171132
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172506
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173732
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172412
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170922
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30181762
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174764
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170634
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170638
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30196556
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175708
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171002
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171710
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173368
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_20_1241231_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171742
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170680
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170922
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172412
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171008
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175518
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173738
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173732
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170486
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171442
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171960
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170638
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30180130
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177612
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171002
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175178
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177784
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30179280
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170634
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174764
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30181762
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171396
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173078
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170700
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170586
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171248
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171204
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170724
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177716
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172506
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173718
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30198248
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172382
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170400
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170396
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170666
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170606
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30182868
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171710
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171132
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170514
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175672
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170716
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170688
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172302
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175674
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174034
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175708
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171520
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170676
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171742
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171028
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172384
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171810
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171360
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175568
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30196556
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170564
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171306
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30177206
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30171216
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174844
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170806
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30172368
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30175338
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30174106
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_20_1241231.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30170826
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173848
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_20_1241231.30173368
</commentlist>
</conversation>
