
This is really concerning, how many other packages are distributed by OpenSUSE which do not match their policies and are not reviewed?

A Linux distribution is supposed to be more coherent and vetted than an app store. This... does not inspire confidence.



A Linux distribution is free to define its own security policy, which serves as a common understanding between developers and users.

And not all packages require auditing. The primary concern here lies with D-Bus services. Many D-Bus services need to run as root while allowing non-root users to access them. This enables users to perform tasks such as mounting or unmounting block devices without relying on SUID or sudo.

Such services are often referred to as "security boundaries", because they help isolate different privilege levels. Thus, the security of those services is vital, especially in enterprise-oriented distributions.


The package showed a big license agreement and implemented circumvention steps! We're a bit beyond the D-Bus auditing issues.



