Comment 64 for bug 194472

Vish (vish) wrote : Re: [Bug 194472] Re: Entering password in Terminal gives no visual feedback

On Tue, 2010-02-23 at 23:25 +0000, Dustin Kirkland wrote:
> Per discussion in #ubuntu-hardened, the Ubuntu Security guys are opposed
> to the change I proposed above.
>
> Thus, this bug is closed, and should be handled in documentation.
>
> I have added a section to the sudoer's documentation:
> * https://help.ubuntu.com/community/Sudoers#Enabling%20Visual%20Feedback%20when%20Typing%20Passwords
>
> Those who want to enable visual feedback, can do so in the configuration
> file. Sorry.
>

Dustin,
Does that really help? The bug here was because desktop users were
really confused that the terminal/sudo did not give feedback when
every other gksu/policykit/gdm show the feedback.

If a user is aware enough to check the wiki and change that setting,
then editing the setting is not even essential. And it does not solve
any problem or this bug.

Users commenting here know that sudo gives no feedback and if needed
might enable the setting, but
- what about the users who _don't_ know why this is happening?
- why/how would they come upon the wiki to check and enable the
feedback? They would not even be aware that they need to set this up.

On the contrary, IMO, this can be enabled by default [at least for
desktops] and the wiki can be for _disabling_ it, as that would be the
more common scenario for a user checking the wikis.

@ Security team:
If the temporary feedback is such a huge security issue,
policykit/gksu/gdm [more commonly used than sudo] always display
feedback.
Why has that not been changed, is the Ubuntu OS' security severely
compromised now?
Are we planning to stop them from showing feedback to improve security?
If no _active_ steps are being taken to prevent the feedback in those
places , why are we preventing the feedback in sudo?