Re: Local users get to play root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 2009-11-18 21:27, schrieb nodata:
Am 2009-11-18 21:20, schrieb Jeff Spaleta:
On Wed, Nov 18, 2009 at 11:08 AM, Konstantin Ryabitsev
<icon@xxxxxxxxxxxxxxxxx> wrote:
Yes, this is security trade-off -- and with valid arguments. Does it
make sense to have this as a default configuration for a
desktop-oriented distribution? Quite possibly. Fedora installations in
managed environments have qualified sysadmins that can alter this
policy --

I'm not sure enough sysadmins understand PolicyKit enough to
confidently generate local policy edits. I think learning how to
implement site specific PolicyKit best practises by modifying unwanted
PackageKit's behavior is going to be a trial by fire introduction to
PolicyKit policy editting for a lot of admins. We saw the same sort of
learning curve frustration when hal policy was introduced that changed
how hardware was handled.

-jef


I think this "feature" should have been a "Feature" along with the
appropriate pros and cons and documentation. Instead we have a chorus of
people saying "just turn it off" without anyone seemingly knowing the
"correct" way of doing it.

Maybe we need a firstboot question to determine profiles.

and a tool to switch a box between different profiles/roles too.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux