houghi wrote:
> I have found out the hard way that you can delete stuff in the wrong
> directory.
Sure, that happens. Been there... But that can also happen if you are
logged in with a password.

> just to look and then by accident delete all of your ~/ 
So you want to have the password for safety reasons, not for security.
Safety: Protection against accidents. Security: Protection against
attackers. I don't think Linux is supposed to take care of safety, that
is your own business (backup, UPS, fire alarm, earthquake-proof
building...). Although it does do that, just think of the KDE trashcan.

But reading the Suse Linux 10.0 manual, I ran over the following
sentence in section 4.1. The English translation is something like

"If your computer has more than one user account, all users have to
authenticate."

This would fix your objections while still keeping auto login useful for
the average Joe. But for some odd reason, I have 2 accounts on this
system, and auto login still works. So someone forgot to implement that.
Maybe I'll file a bug tomorrow morning.

>> Password protection is the feature, not auto login. You need lots of
>> additional programs and infrastructure for password protection, auto
>> login needs nothing. Think of MS DOS, did that have an auto login
>> program? Maybe you should see auto login more as the removal of an
>> _unnecessary_ feature...
> 
> You are not really taking MS DOS as an example of why not to use a
> password, are you?
Certainly not. I was just illustrating that passwords are an add-on
feature to the distribution to counter Carl's argument that auto login
was an add-on feature. Password protection is a feature that was not
present in MS DOS, hence it was auto login.


>> Auto login is aimed at the non-technical users, so making it hard to use
>> makes it useless. Btw, a good distribution should _reduce_ the effort it
>> takes to do things, not increase it. And maybe include a few warning
>> signs for the unwary. But with auto login you do not need to be a
>> computer expert to see the security implications.
> 
> And that last thing is exactly the point why a password needs to be
> entered.
Well, the only security implication of auto login is: "Everybody
standing in front of the PC can switch it on just like I do, and then
use it just like I do." Anyone that can button his shirt by himself is
able to see that.


> A PC is not a TV or a fridge or any other household appliance.
That really depends on whom you ask...


> The only reason you could turn auto login on is because that way you get
> much less people asking how they can log in automagically. [...]

> Now pick a number of calls per hour worldwide that this will generate and
> put those numbers in http://www.erlang.com/calculator/call/
> You will see that that amounts to a number of agents, which can be
> translated to money.
Very interesting point. I think at least from a business perspective it
makes a lot of sense to try to reach a balance between security/safety
and usability, at least when you produce a consumer OS like Suse Linux.

Not like I wouldn't want a default umask to 077 for Suse and default
permissions set to "secure" instead of "easy". But I don't think that
will happen any time soon. For usability reasons.

Cheers
nordi

