There is a scary discussion on the Ubuntu Developers mail list.

[aysiu]

By the way, while I don't agree that this is a scary discussion, I will say that the proposal is a bit misguided. There's only so much you can protect users from themselves without educating them. Any uneducated user who has an administrative password (either root or sudo) is a security risk. Social engineering evolves. Right now, there may seem to be an easy way to thwart attempts to hijack security, but the ultimate solution is educating users, not constricting them.

I was just talking about this with some co-workers yesterday at lunch regarding wire transfers to Nigeria, PayPal asking you to verify credit card information, etc. Those social engineering scams mainly have to do with personal/financial security and less to do with operating system security, but the principle remains the same--these 30-something and 40-something co-workers of mine (who are not necessarily tech-savvy) had to wise up to the ways of the world, and they lamented how they were not always as wise as they are now.

Just as you tell a child not to take candy from strangers, you also have to tell computer users of any age not to download software from just anywhere. Teach them to be discerning. Yes, it's true--a warning pop-up will almost always go unread--but it's not up to the developers to think for you what is "trusted" or "not trusted" software. It's up to users to educate each other, just the way we do about looking both ways before crossing the street or not touching the stove when it's hot. Imagine if stove/oven manufacturers had to prevent users from turning on the stove because people might just touch it and burn themselves. It's ridiculous!

[RAV TUX]

By the way, while I don't agree that this is a scary discussion, I will say that the proposal is a bit misguided. There's only so much you can protect users from themselves without educating them. Any uneducated user who has an administrative password (either root or sudo) is a security risk. Social engineering evolves. Right now, there may seem to be an easy way to thwart attempts to hijack security, but the ultimate solution is educating users, not constricting them.

I was just talking about this with some co-workers yesterday at lunch regarding wire transfers to Nigeria, PayPal asking you to verify credit card information, etc. Those social engineering scams mainly have to do with personal/financial security and less to do with operating system security, but the principle remains the same--these 30-something and 40-something co-workers of mine (who are not necessarily tech-savvy) had to wise up to the ways of the world, and they lamented how they were not always as wise as they are now.

Just as you tell a child not to take candy from strangers, you also have to tell computer users of any age not to download software from just anywhere. Teach them to be discerning. Yes, it's true--a warning pop-up will almost always go unread--but it's not up to the developers to think for you what is "trusted" or "not trusted" software. It's up to users to educate each other, just the way we do about looking both ways before crossing the street or not touching the stove when it's hot. Imagine if stove/oven manufacturers had to prevent users from turning on the stove because people might just touch it and burn themselves. It's ridiculous!

aysiu, I commend you for your clarity in thought but more so for your articulate way to express yourself in writing so eloquently. Thank You for your post.

[Cappy]

However *this facility must not to be accessible to naive users*.

And then naive users won't be able to install any 3rd party software. And then they go back to Windows OR they will just learn how to do it "the new way"

This does not solve any problem.

[Frak]

I trust the devs, they are just making another KISS (Keep It Simple Stupid) technique. If they did do something nefarious, within a week they would not only be disbanded for various reasons, but multiple Forks would have already been made excluding that function.

But seriously, they could never get away with anything nefarious because the code is open.

Some users don't know what they are doing, and sometimes we need to take their hand. Not everybody wants to worry about things we do, hopefully we will reach the day when your screen is autoconfigured, all malware is eliminated automatically, with no notification, for free, all hardware works, and nobody needs an IQ over 140 to operate it.

Our goal is to create the easiest OS to use, on this Earth or anywhere, not to compete with Windows. If Windows just goes away, then that's just an added benefit

[ryanVickers]

This is really quite stupid! your right about going back to windows! They will just be like "We were less locked-in to the "brandname" software with Micro$oft!" and they'll leave.

[aysiu]

Our goal is to create the easiest OS to use, on this Earth or anywhere, not to compete with Windows. If Windows just goes away, then that's just an added benefit

If you're talking about Linux, then you're right. If you're talking about Ubuntu, then you're wrong.

Bug #1 is Microsoft has a majority market share. It mentions Microsoft specifically, so Ubuntu is a direct competitor to Windows.

[Frak]

If you're talking about Linux, then you're right. If you're talking about Ubuntu, then you're wrong.

Bug #1 is Microsoft has a majority market share. It mentions Microsoft specifically, so Ubuntu is a direct competitor to Windows.

OK, then.

DOWN WITH WINDOWS

[RAV TUX]

If you're talking about Linux, then you're right. If you're talking about Ubuntu, then you're wrong.

Bug #1 is Microsoft has a majority market share. It mentions Microsoft specifically, so Ubuntu is a direct competitor to Windows.

kind of like the once unknown cola that decided to go in direct competition with the major cola.

The once unknown cola: Pepsi
The only major cola: Coca Cola

Marketing genius that worked for Pepsi, lets hope it works for Ubuntu also.

[ryanVickers]

You know what's interesting, there's usually 2 marketing techniques: 1 is simply stating what you have (used if your the top product, and everyone is clueless to the competitors), and the other technique is to compare the products and make it look like yours is better (used if your fighting your way to the top). The interesting thing is, micro$oft has been using #2 lately, so, I think they've finally recognized linux as a big risk to they're share of the market (at least on servers)!!!

[Dimitriid]

The approach is flawed.

1) Assuming Ubuntu will have any real penetration to guarantee attempts against users is absurd: Surely this developer and anyone on his side thinks too much of himself if he thinks he can achieve 0.1% market penetration within the next decade or so. ( and thats me being nice to him since he made the ridiculous claim "When Ubuntu is as popular as Windows" ) So right off the bat, its appealing to users so dumb that their wreck windows installations with spyware is already appealing to users that wont ever switch to Linux unless somebody successfully stops windows from being on virtually every single consumer PC preinstalled. Much like copy protection and DRM what will these do? Keep smart users smart? Dumb users use Windows and OS X

2) Assuming that any security team anywhere will be able to keep up with all the software people want to install. Limiting people to just the repositories they approve ( or making the OS jump through many hoops in order to enable third party repositories ) will just create a bottleneck. Do we really need more bottlenecks to development when they are already on only a fixed 6 month release cycle which pretty much limits the distro greatly? ( I.E. K/ubuntu will be very late to officially support KDE 4.0 since it will come out in mid cycle, completely losing momentum )

While they are concerned with security, im concerned with their wishful thinking, overly active imagination and naiive optimism. Should this find its way to the distro I would probably find my way to another distro, a distro that can fit both a power desktop user and is accessible enough for less advanced users. If I wanted something as paranoid Id get a server oriented distro with little or no upgrades.