On Mon, Aug 10, 2009 at 9:08 AM, Tim Waugh<twaugh@xxxxxxxxxx> wrote: > What is the goal of the default Fedora PolicyKit policy system-wide, and > how can we check that PolicyKit mechanisms' default policies are > adhering to it? Generally where I'd like to move to is where the RPM package defaults are appropriate for a shared computer lab PC, and the desktop spin kickstart modifies things as appropriate for the unmanaged home PC/laptop. You could think of "computer lab PC" as very similar to the our heritage, the "timesharing unix server" case, except that it makes sense for say plugging in a USB key to do something useful. An example of something that would be different between the RPM package and desktop spin is the policy for software installation. In the RPM package it should be either none allowed or "initiate updates only", whereas the desktop spin would allow clickthrough for arbitrary RPM installation. (This is mainly relevant in the future when we don't have a separate root password in important places in the UI flow). We don't do this at all now though =) For your particular case I think your current policy is the best we can do for all targets. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
