2009/11/18 Chris Adams <cmadams@xxxxxxxxxx>: > I would like to see this discussion separate from discussion about the > current issue with PackageKit. That would be nice :) The problem is who to target. If you call Fedora a desktop distro, then it makes perfect sense for local users to be able to shutdown the computer, suspend, change the system clock and install clipart without passwords, as long as it's done in a secure way. If you call Fedora a server OS, then it shouldn't be shipping PackageKit at all, and should have most of the PolicyKit authentication actions defaulting to no. So obviously we need some middle ground. I guess if the spins "personalise" the package set then they should also personalize the security defaults. e.g. a server spin would not include PackageKit at all, and default to not letting users change the time. A desktop spin would allow the desktop user to do most things without a administrator password. The tricky part is deciding a default policy that is suitable for all the people using Fedora, which honestly, I think is impossible. Richard. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
