@kestral @bagder but to make sure it’s actually his words, you need to verify!

@bagder cool. Thank you for taking the time to explain!

@bagder is that a function name starting with captical letters? Does that signal something in your coding standard?

@amutable @blixtra @brauner @pid_eins no double-opt in for the newsletter AND requiring unnecessary for a name and company is not making the best impression tbh

@nik @daandemeyer @pid_eins sure but again sudo has the same problem? A user could (depends on the sudo config) put a file there and chown it to a user as well.

@nik @daandemeyer @pid_eins ok but isn’t the problem in this case that in both cases a user is able to write undesired files in /etc that’s supposed for admin configs? I feel like sshd checking the owner of the files is a nice bonus but that shouldn’t be relied on as you imply. I assume there will be a possibility to configure what/if a person can do with run0?

@nik @daandemeyer @pid_eins how is that different from someone doing the same command with “sudo” instead of “run0 —empower”?

@Podman_io it would be awesome if we can see what in the changelog is related to rc3 alone. Hard to follow rc changelogs otherwise.

@th_in_gs same here actually. macOS uses something similar, called signed system volume. On linux you can still layer packages on top (although i wouldn’t recommend it as first step) and the nice thing: it’s blue/green booting. So updating the system is just downloading a new set of layers (which form a new “deployment”) and next reboot boots automatically into it. Problems? Just reboot and select the previous deployment. You can also view the pkg updates like a simple diff