On Tue, 24 Nov 2009, Matthew Miller wrote:
On Tue, Nov 24, 2009 at 01:27:40PM -0500, Matthias Clasen wrote:
Like I said, this is a tangent, and I'm certainly not expecting anyone to
work on this. But it'd be cool if they did.
Just as everybody else is struggling to get away from pam's awful
apis...I don't think this would be a step forward; but sure, it might be
doable.
The awful API is actually an argument _for_ doing such a thing: it gets
encapsulated away in only one place that needs to be maintained, and
everyone can just write to PolicyKit.
And in general having the logging of security-elevation events be in the
lowest common denominator piece of code or interface keeps important
information from getting lost due to insufficient logging in a calling app.
-sv
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
