Author Topic: PCLinuxOS Education 2012 and security concerns  (Read 940 times)

Offline melodie

PCLinuxOS Education 2012 and security concerns
« on: April 13, 2012, 04:00:11 PM »
Hi,

I am trying to build a new version which complies with the PCLinuxOS standards, and I do have concerns about security, because of the installer which does not require the root password before being launched. The problem is that some people see the CD as something quite innocent as it is meant for small children, and may not realise that it is a full featured Operating System, which can be installed to hard drive from the Live session, even though they are told so.

As you know this is a project which has been worked on for a long time, and which starts to get known a little just now. It is mostly a parent's project : myself and all the people who brought lists of edu programs to try in it, all who tested, all have young children, among them some children have tested and given feedback brought by their parents, and this all took almost 2 years. We also have files to make DVD covers and CD covers, and all the sources are available. (I won't repeat it here, but I can gather again the info about it somewhere else, if someone has the wish to see all the info in one place).

With djohnston who did a lot of work on it, we started to work on a documentation, which we are now continuing with Desmoric who has good ideas too: it will be available in English and in French, and will be meant to be printed and go along this version, but even with a documentation so well thought we will try to do, the people might not pay attention enough. If I say so it is because I met with a bad experience after I handed a CD with a gnarly narcos branded Edu system once, where a person of the family in visit was handed this one CD and destroyed all the data, happily choosing the "Install to CD" boot stanza.

So for one, would it be alright to remove this boot stanza from the ISO especially - and only - for the Edu version ? (which is a feature that Texstar added to mylivecd only at the end of last year in the Live CD), then would it be ok to tweak the draklive-install desktop file a bit to make it prompt for the root password when launched from the menus ?

I would be very happy to create the next one in a way that fits the standards, without putting the data of the parents or the schools at stake, just because child games don't look so dangerous to the people having little knowledge about OSes.

Last, for the Education version I prefer having some settings in the policykit conf lines which also prevent access to internal partitions without a root password, without however cutting completely the access, for access can also sometimes be very handy.

I would like to please the people of the team in charge to take their time to think and to talk about this, it is a very serious concern for me.

Regards,
Mélodie

« Last Edit: April 13, 2012, 04:14:31 PM by melodie »
melodie at swissjabber dot ch - IRC #pclinuxos-fr sur freenode

Offline Hootiegibbon

Re: PCLinuxOS Education 2012 and security concerns
« Reply #1 on: April 13, 2012, 04:14:22 PM »


Melodie,

I think that the terms for release of a PCLinuxOS branded iso are very clear.

I have pulled Iced Latte and RAW as they do not comply with these rules.

If this is a venture you wish to explore, then perhaps you need to de-brand and make it your own personal project.

You will be pleased to know that sourceforge will host ISOs and provide an area for support also

Jase


I am Hootiegibbon, undisputed champion fo the typo

My .dotfiles

Offline melodie

Re: PCLinuxOS Education 2012 and security concerns
« Reply #2 on: April 13, 2012, 04:23:42 PM »
Hi,

I have edited the post twice and asked for the answers to be thought for some time, just not in one minute. AS told me at the French forum that it is a matter of not breaking the distro. So if it can be admitted that coming for this one version only, to what it has been on all for many years: no install in the boot stanza, and a "gksu /usr/bin/draklive-install" in the Exec line of the desktop file can be acceptable, all the rest will be compliant.

So please, would you mind waiting for other people to read my post and talk a bit with several members of the team ? It is not about a distro for grown ups here, and I have already removed all non compliant parts from the one I have in my factory machine.

Also please take the point that I have no personal concern here, about "my distro". I am concerned about the people who will use it to have the right to come here at the forum to ask for help, even long after when I will not have time anymore to look after it, and about the people who might be interested to continue it when I will want to try other things in the computer. This is the very reason why I am ok to step backwards about the different parts which can't be detected without knowing where they are.

Regards,
Mélodie

PS: I have no problem with disk space and hosting, I am not asking any space for PCLinuxoS Education : I have 2 good places, which are fast enough and reliable.

« Last Edit: April 13, 2012, 04:27:08 PM by melodie »
melodie at swissjabber dot ch - IRC #pclinuxos-fr sur freenode
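
Added example, not part of the thread and not PCLinuxOS code: a small check a remaster build could run over the installer's desktop entry to confirm that its Exec line puts a password-prompting wrapper in front of `draklive-install`, as proposed in the first post and in Reply #2. The wrapper set, the function names and the sample desktop entries are assumptions constructed for illustration.

```python
import configparser
import os
import shlex

# Assumed set of password-prompting wrappers; adjust for the desktop in use.
PRIV_WRAPPERS = {"gksu", "gksudo", "kdesu", "pkexec"}

# Constructed sample entries (not copied from any PCLinuxOS ISO).
UNWRAPPED = """[Desktop Entry]
Type=Application
Name=Install to hard drive
Name[fr]=Installer sur le disque dur
Exec=/usr/bin/draklive-install
"""
WRAPPED = UNWRAPPED.replace("Exec=", "Exec=gksu ")
QUOTED = UNWRAPPED.replace("Exec=/usr/bin/draklive-install",
                           'Exec=kdesu -c "/usr/bin/draklive-install" %U')
OTHER = UNWRAPPED.replace("/usr/bin/draklive-install", "/usr/bin/tuxpaint")


def exec_tokens(desktop_text):
    """Return the basenames of every word on the entry's Exec line."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # desktop-entry keys are case-sensitive
    cp.read_string(desktop_text)
    words = []
    for arg in shlex.split(cp.get("Desktop Entry", "Exec")):
        if len(arg) == 2 and arg.startswith("%"):
            continue  # field codes such as %f or %U are not commands
        # Re-split once so `kdesu -c "cmd args"` exposes the inner command.
        words.extend(shlex.split(arg))
    return [os.path.basename(w) for w in words]


def prompts_before_install(desktop_text, installer="draklive-install"):
    """True/False if the entry launches the installer with/without a
    password wrapper in front of it; None if it launches something else."""
    names = exec_tokens(desktop_text)
    if installer not in names:
        return None
    return any(n in PRIV_WRAPPERS for n in names[:names.index(installer)])
```

A wrapper on the menu entry only guards that launch path; it does not cover the boot-menu install stanza, which the posts treat as a separate change.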

Offline Hootiegibbon

Re: PCLinuxOS Education 2012 and security concerns
« Reply #3 on: April 13, 2012, 04:45:27 PM »


Melodie,

The way I see it is that, if after setting the minimum expectations in writing, which was done to provide a CLEAR and EASY to understand guide in order to submit an iso, and at the first query of this an exception is requested ...

Having exceptions, any exceptions, to an agreed process makes that process weaker, and what if someone else requests an exception too... it is a slippery slope.

I would suggest that you may wish to look at alternative solutions to this issue.

I of course can only state my thoughts on this, the other members of the Team will be able to read and make up their own mind on this matter - but I have clearly stated my stance.

Jase
 


I am Hootiegibbon, undisputed champion fo the typo

My .dotfiles

Offline Old-Polack

Re: PCLinuxOS Education 2012 and security concerns
« Reply #4 on: April 13, 2012, 09:51:07 PM »
melodie:

Linux and all of open source is about standards, and adherence to those standards. Windows is largely incompatible with other operating systems because Microsoft refuses to comply with standards, and refuses to divulge whatever nonstandard means it uses within its systems. This creates chaos wherever environments exist that require more than just a Windows presence.

We have long had standards that, while not explicitly written down, were agreed to by those wishing to create officially recognized community releases, because Texstar simply stated what he expected the minimum to be. By complying with these minimum standards, a number of very nice community releases were initially created.

Lately, newer versions of those initial releases have been straying from the minimum standards, mostly because their creators seem to think their ideas are superior to those by which the official PCLinuxOS KDE release is maintained. When those ideas were implemented, and problems directly attributable to them appeared on the forum, we who maintain the main official PCLinuxOS release, decided it was time to clearly state in writing what the absolute minimum standard for a recognized community release is, and will be, so there would be no confusion about it in the future.

The images that you create are by far the worst offenders, and you have repeatedly ignored requests to make the necessary modifications to bring those images back into compliance, so the written compliance rules are largely the result of those refusals, and the problems they cause.

The minimum standards were posted just four days ago and already you are asking that exceptions be made, just for you and your project. It's not going to happen. Your choice is to either comply with the minimum standards, or have your projects deemed unofficial releases and unsupported on this forum. There is no third choice.

We have tried to deal with this issue privately, through PMs between various members of the development team and yourself, but you insisted on making this a public issue by starting this thread. Now I've stated publicly exactly what you've been repeatedly told in private. We had hoped to save you any embarrassment this may cause, and give you a graceful way to bring your projects into compliance, without the need for any public humiliation. I'm truly sorry that you chose to take this road instead.
Old-Polack

Of what use be there for joy, if not for the sharing thereof?



Lest we forget...