D12795: Re-allow running Dolphin as the root user (but still not using sudo)
Martin Flöser
noreply at phabricator.kde.org
Sun May 20 20:07:21 BST 2018
graesslin added a comment.
In D12795#265600 <https://phabricator.kde.org/D12795#265600>, @ngraham wrote:
> I've deal with a lot of criticism in my time, Martin. But I have a thick enough skin to avoid taking it personally or letting it affect my judgment. If some jerks send hate mail, that is not a good reason to say "Now I //really// won't do it!" and punishing everyone else over it.
Don't get me wrong. That's not what I'm doing here. I don't want to have a thick skin, I expect people to behave. Nobody would say to my face "you are an asshole for removing this feature". On the Internet people do. If that happens in bug reports I expect users to step up and tell the person. If it happens through google+, reddit or similar things, I report to the hosting provider. If I see that the person is from Germany, I'll consider going to the police (yep insulting is a punishable act in Germany).
What I tend to do is to not punish users for their behavior, instead I do not reward them. I do not give their requests additional attention. It stays in the queue with the many items of "yeah would be nice if we had infinite time". It doesn't affect my judgment, neither to the positive nor to the negative. What I see quite often is that users try to play to get their pet issues to the front of the queue. And that's something I don't reward. Be it through insulting, be it through requesting users to comment on bug, be it to request to tell to you :-)
In this case my judgment is that I would not have implemented the change. But now that we have it, I think it would be more harming to remove it or alter it. We always have to fight for security. We see bullshit recommendations from EFF to not encrypt mails, although PGP is not broken. It's a bad time for security, we need to fight. Thus I have a bad feeling with the thought of weakening the constraints here.
> Again, I am willing to accept breaking the `sudo dolphin` use case because PolKit support is coming (hopefully soon, thanks to @chinmoyr), which does indeed represent a superior alternative. In this case, I will deal with user anger in the short term and attempt to soothe frayed nerves by promising that something better is coming.
>
> But for the root use case, I continue to not see any harm in re-enabling this.
the harm is that you cannot enable it without having ways where it can be run in the user session. I found a hole in your change. That's the problem. The security suffers by giving it to the weird use case.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12795
To: ngraham, markg, elvisangelaccio, #dolphin
Cc: chinmoyr, cfeck, elvisangelaccio, mmustac, Fuchs, markg, graesslin, nicolasfella, zzag, kfm-devel, emmanuelp, spoorun, navarromorales, isidorov, firef, andrebarros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180520/dea52232/attachment.htm>
More information about the kfm-devel
mailing list