On Mon, 2007-08-20 at 15:08 -0400, Colin Walters wrote:
> On 8/20/07, David Zeuthen <davidz@xxxxxxxxxx> wrote:
> > So, like it or not, we simply need to engineer the security of the
> > operating system such that untrusted code running in your desktop
> > session can do as little harm as possible.
>
> Ok we're pretty far afield here but I don't disagree with anything
> you're saying here - all that work would help - but it doesn't change
> my opinion that by far the biggest bang for the buck in terms of
> security is making sure we get updates as painlessly (well tested
> etc.) as possible. And hence, that's why we should not have any
> password prompts for updating.

Oh, I think we definitely agree on that.

Btw, with the work on PolicyKit that I'm doing

 http://people.freedesktop.org/~david/polkit-admin-auth-1.png

combined with the PackageKit work Richard is doing

 http://hughsient.livejournal.com/32948.html

we should be close, with a bit of luck anyway, to having something for
Fedora 9. I'm hoping to find time in a month or two to help out on that.

Anyway, the beauty of this is that for the Fedora desktop spin we'll
just ship with a /etc/PolicyKit/PolicyKit.conf [1] file that allows the
action (and others) of updating the OS with signed packages without
asking for auth. And the admin (if any) can always change this however
he likes. For a hypothetical super-secure govt compliant locked-down and
secure desktop spin it will always default to denying this (and other
actions) without even asking for any passwords. Centralized,
fine-grained, secure.

     David

[1] : http://gitweb.freedesktop.org/?p=PolicyKit.git;a=blob;hb=HEAD;f=doc/man/PolicyKit.conf.5.in

--
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
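As an added illustration (not part of David's message, and not a file shipped by PolicyKit or Fedora), here is a PolicyKit.conf fragment in the XML format documented by the PolicyKit.conf(5) page linked at [1], showing the two spin defaults the message describes plus the admin-password middle ground. The action identifier is a placeholder, since the thread does not name the real PackageKit action.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not a real distribution file. The element names and
     result values follow PolicyKit.conf(5); the action id below is a
     PLACEHOLDER for the PackageKit "update with signed packages" action,
     which is not named in this thread. -->
<config version="0.1">

  <!-- Desktop spin default: the action is granted with no prompt at all.
       With result="yes" the only remaining control on what reaches the
       system is the package signature check, so that check must be
       mandatory and the signing keys must be the distribution's own. -->
  <match action="org.example.ACTION-ID-PLACEHOLDER.update-signed">
    <return result="yes"/>
  </match>

  <!-- Locked-down spin default (shown commented out so the file stays
       valid): the same action is denied outright. No password dialog is
       offered, so an unprivileged session cannot even attempt it. -->
  <!--
  <match action="org.example.ACTION-ID-PLACEHOLDER.update-signed">
    <return result="no"/>
  </match>
  -->

  <!-- What a local admin might choose instead: require the admin
       password (the polkit-admin-auth dialog David links) and keep the
       grant for the rest of the session. -->
  <!--
  <match action="org.example.ACTION-ID-PLACEHOLDER.update-signed">
    <return result="auth_admin_keep_session"/>
  </match>
  -->

</config>
```

Only one `<match>` for a given action should be active at a time; the commented-out blocks are alternatives, not additions.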