Request For Candidates: Application Review Board
Scott Kitterman
ubuntu at kitterman.com
Thu Aug 26 17:54:16 BST 2010
On Thursday, August 26, 2010 11:28:27 am Marc Deslauriers wrote:
> On Thu, 2010-08-26 at 11:15 -0400, Luke Faraone wrote:
> > On 08/26/2010 10:59 AM, Marc Deslauriers wrote:
> > > Installing an application with user privileges is a bad idea.
> > > Application software should not be vulnerable to tampering, either
> > > accidentally by the user himself, or by malware running in the user's
> > > security context. This will make the apps installed via the app store
> > > unreliable and susceptible to be trojaned.
> >
> > That makes sense, but we do want to make it possible (most of the time)
> > for unprivledged users to install new applications, as long as those new
> > applications don't provide any avenue for the user to elevate their
> > privledges. Maybe a non-user-controllable / -modifiable, but
> > user-initiated install path would be useful for a certain class of
> > applications. (without publishing the application for all users of the
> > system)
>
> That is exactly the thing we should avoid. We _don't_ want unprivileged
> users to install new applications. On a single user desktop, the user
> already has the necessary privileges to install applications. On a
> multiuser system you may not want the user to have those privileges. I
> have privileges to install applications on my Android phone, why
> shouldn't I require privileges on my desktop?
>
> What exactly is the use case for someone who doesn't have administrative
> control over a computer to be able to install applications?
This is well put and I agree with it. The user in a single user system should
be able to install packages and they can. In multi-user systems it is more
complex and it should be. If the administrator of a multi-user system choses
to allow all users to install packages, they can do that, but it shouldn't be
the default.
I put this in perspective of the only multi-user system at my house, the one
my teenagers use. I definitely don't want them installing stuff.
Scott K
More information about the ubuntu-devel
mailing list