Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
Control: reopen -1 Holger Levsen hol...@layer-acht.org writes: I'm not maintaining the software you're having issues with. I'm merely playing janitor for rc bugs said to be affecting wheezy. So out of 273 of those, I moved 140 away, so that people trying to actually fix bugs in wheezy have a much better list to look at. Out of those 140 moved away there was one leading to some discussion... http://udd.debian.org/bugs.cgi?release=wheezyrc=1 in case you are interested. On Dienstag, 4. Juni 2013, Daniel Pocock wrote: thats a gnome desktop? Yes, it is a default gnome desktop (I log in with Gnome classic) ic I agree but I thats wishlist or so. If it is a wishlist item, why did you just close it without any correspondence with the bug reporter rather than simply changing priority? because I mostly thought WOW about the ridiculousness of the severity and labeling a feature a bug. This blew me away, literally, so that only after a while I could see some wishlist value in the bug. Also, *you* could also equally reopen, retitle and reassign the bug. Ridiculous severity is not a very good reason to close a bug, and it obviously wasn't necessary to do this for wheezy purposes either... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/06/13 23:51, Holger Levsen wrote: I agree but I thats wishlist or so. If it is a wishlist item, why did you just close it without any correspondence with the bug reporter rather than simply changing priority? because I mostly thought WOW about the ridiculousness of the severity and labeling a feature a bug. This blew me away, literally, so that only after a while I could see some wishlist value in the bug. Encouraging people to make unplanned changes to their systems or normalising the idea that you just put your root password into arbitrary popups without clear details about why it's needed is not a trivial issue. Maybe you and I have ways of finding out what the popup really means, but the average user is just going to be given a poor experience. Popups spontaneously asking for the root password in order to make unidentified changes to the system? If users start putting in their root password for random popups, it undermines the whole concept of UNIX security. It won't be long before some phishing attack is developed that produces a Javascript popup resembling the root packagekit popup. I saw this again on a desktop today, it was completely spontaneous and wasn't triggered by the connection of a USB device as it is on the laptop. You haven't provided any evidence that this is in fact a feature - is it being tracked upstream or elsewhere? Frankly, I have no idea. I remember http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html and http://people.skolelinux.org/pere/blog/tags/isenkram/ And there is http://wiki.debian.org/HardwareAutodetection I attach a screenshot of the offending popup. There you have it: packagekit, systemupdate. It runs apt-get update + apt-get upgrade for you. So there has been a DSA (when then popup came even though you Maybe you can deduce that from some background knowledge, but that is not explicitly written in the popup at all. plugged nothing into the desktop). Business as usual, a sensible default. If you dont like it, apt-get remove gnome is one choice, there are others. Pick Thanks Holger, that's likely to be helpful for all those people who come across this bug - maybe they'll just apt-get remove debian and try something else if they feel this is the way issues are discussed within our community. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJRruAlAAoJEOm1uwJp1aqDR2kP/1W3h9WwZm5UpvXm1tu8+6VC eO2g09PqPq+l6lupuDG5+955rPg3/pQNzU8laJwq0a8OmDDUq49rrlK5WHVBo9PS Ff0FZxiQlL0oQj50QZP0UsTKVzw45n8w2TDDG87qFTpG6KQfvHy82r9kkXAfQIC9 ZhUDModHzxTOt7k/07Rb5YRothvNN9YFSIpu7oL5v8Hlv754qjO7D6LFZwy1je8J 1uizF5NlqRmKrIGWDQLCeLaMhBmkX6POorgk2/lv7mhrlnHLr1y7X7UbrXfyss78 RsU4SDHnWZewjHE1UQQD/GPGvH8/XSvEFfJUJVxqma6TGKcTY3VcO0NRsW6SzrhR etQnazE3Fg0B9jrznSe6XHSfvg0PS/brKdISCQb1GTnYFZPekcHTGmw3ydEccMkE I+26PVX8HENdbCgpd9yWwaZV/TDgNRZf3rhYXvpRVT8mDM7aEN3I10IAF3Wh7AId kKK2oOHp6mfKpkyarZmdUBoxjjzuaLxR2MwKvir3j6RvVYWb+w/NuLraFzv+v/Xz LHBeJVNSXhuIG2mwgU2XBXO2CEi8RKRA1UCvZNnY7TNu78+LNymJOTRpAesetCao EvO6rUVXJPTFJt4iaHSIKv1DxaQWHyFMJtwb+dWpXowaiudez98KQRedBNXVAcxc Ft5j8+Ql/vVGNHYXP6ml =Wmzd -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
On 03/06/13 23:45, Holger Levsen wrote: Hi Daniel, On Montag, 3. Juni 2013, Daniel Pocock wrote: I'm certain that I did not change the configuration of my system to prompt for these updates. thats a gnome desktop? Yes, it is a default gnome desktop (I log in with Gnome classic) The system was updated from squeeze, it never did this under squeeze. well, there are many new features in wheezy! :-) Like my first packages in a stable release Also, the popup gives no real clue about what it's doing or what it wants to install. At the very least, it should give a concise explanation of what will be installed if somebody enters their root password. I agree but I thats wishlist or so. If it is a wishlist item, why did you just close it without any correspondence with the bug reporter rather than simply changing priority? Popups spontaneously asking for the root password in order to make unidentified changes to the system? If users start putting in their root password for random popups, it undermines the whole concept of UNIX security. It won't be long before some phishing attack is developed that produces a Javascript popup resembling the root packagekit popup. I saw this again on a desktop today, it was completely spontaneous and wasn't triggered by the connection of a USB device as it is on the laptop. You haven't provided any evidence that this is in fact a feature - is it being tracked upstream or elsewhere? I attach a screenshot of the offending popup. attachment: 708548.png
Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
Hi Daniel, I'm not maintaining the software you're having issues with. I'm merely playing janitor for rc bugs said to be affecting wheezy. So out of 273 of those, I moved 140 away, so that people trying to actually fix bugs in wheezy have a much better list to look at. Out of those 140 moved away there was one leading to some discussion... http://udd.debian.org/bugs.cgi?release=wheezyrc=1 in case you are interested. On Dienstag, 4. Juni 2013, Daniel Pocock wrote: thats a gnome desktop? Yes, it is a default gnome desktop (I log in with Gnome classic) ic I agree but I thats wishlist or so. If it is a wishlist item, why did you just close it without any correspondence with the bug reporter rather than simply changing priority? because I mostly thought WOW about the ridiculousness of the severity and labeling a feature a bug. This blew me away, literally, so that only after a while I could see some wishlist value in the bug. Also, *you* could also equally reopen, retitle and reassign the bug. But then, please see http://blog.liw.fi/posts/wishlist-bugs/ ... Popups spontaneously asking for the root password in order to make unidentified changes to the system? If users start putting in their root password for random popups, it undermines the whole concept of UNIX security. It won't be long before some phishing attack is developed that produces a Javascript popup resembling the root packagekit popup. I saw this again on a desktop today, it was completely spontaneous and wasn't triggered by the connection of a USB device as it is on the laptop. You haven't provided any evidence that this is in fact a feature - is it being tracked upstream or elsewhere? Frankly, I have no idea. I remember http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html and http://people.skolelinux.org/pere/blog/tags/isenkram/ And there is http://wiki.debian.org/HardwareAutodetection I attach a screenshot of the offending popup. There you have it: packagekit, systemupdate. It runs apt-get update + apt-get upgrade for you. So there has been a DSA (when then popup came even though you plugged nothing into the desktop). Business as usual, a sensible default. If you dont like it, apt-get remove gnome is one choice, there are others. Pick yours. debian-users@l.d.o is a suitable forum for this, I believe. cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
I'm certain that I did not change the configuration of my system to prompt for these updates. The system was updated from squeeze, it never did this under squeeze. Also, the popup gives no real clue about what it's doing or what it wants to install. At the very least, it should give a concise explanation of what will be installed if somebody enters their root password. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#708548: closed by Holger Levsen hol...@layer-acht.org (a feature, not a bug)
Hi Daniel, On Montag, 3. Juni 2013, Daniel Pocock wrote: I'm certain that I did not change the configuration of my system to prompt for these updates. thats a gnome desktop? The system was updated from squeeze, it never did this under squeeze. well, there are many new features in wheezy! :-) Also, the popup gives no real clue about what it's doing or what it wants to install. At the very least, it should give a concise explanation of what will be installed if somebody enters their root password. I agree but I thats wishlist or so. cheers, Holger signature.asc Description: This is a digitally signed message part.