On Thursday 19 November 2009 14:05:01 Richard Hughes wrote:
> 2009/11/19 Jeff Garzik <jgarzik@xxxxxxxxx>:
> > 1) We should recognize this new policy departs from decades of Unix and
> > Linux sysadmin experience.
>
> Sure, it's different. It doesn't make it wrong.
>
> > 2) F12 policy should be reverted to F11, ASAP. Possibly with a CVE.
>
> PolicyKit in F12 doesn't have the auth_admin (and save forever to
> disk) functionality that F11 did. I think what we have in F12 is much
> more usable, perhaps trading off with the perceived loss of control. I
> say perceived as actually typing in a root password doesn't actually
> make the system any more secure at all, less if anything.
>
> > 3) Due to #1, F13+ should not deviate from the decades-old default.
>
> Using that argument, we can just keep using GTK tools written in
> python, that use consolehelper to run 2 million lines of code as the
> root user on the user's session. How wonderful.
>
> > 4) Release notes should explain new [and after step #2, optional] policy
> > in detail, including how to turn it off again. Seth's laudable write-up
> > efforts should not have been necessary -- that info should be prepared.
>
> Sure, in retrospect I should have made a lot more noise in the release
> notes, which I apologise for. The reason people didn't notice earlier
> was because rawhide is unsigned, and hence all PackageKit operations
> required the root password, even updating.
>
> > 5) The people who want this new security policy should add an opt-in
> > checkbox in Anaconda or firstboot.
>
> Err, I don't think this is how we want to brand the desktop spin.
> Other spins just need to ship different defaults for all the other
> PolicyKit daemons too.

I completely agree - other spins should select their own defaults - but then
you can't hide other spins but let users actually choose the right one.
Instead of saying - this is default spin, you should download this one, we have
to state that this spin is for home desktop users, then we should have
workstation spin on the same page, server spin, advanced kde desktop spin so
users actually could select the correct one for their task.

With website redesign - to match needs of home users - we are promoting
Desktop spin as default Fedora - that's not true anymore.

Jaroslav

> Also, we've not made this change upstream lightly. We've got upstream
> review and policy documents which you might find useful:
>
> http://cgit.freedesktop.org/packagekit/plain/docs/security.txt
> http://cgit.freedesktop.org/packagekit/plain/docs/setting-the-proxy.txt
> http://cgit.freedesktop.org/packagekit/plain/policy/org.freedesktop.packagekit.policy.in
>
> Richard.
>

--
Jaroslav Řezník <jreznik@xxxxxxxxxx>
Associate Software Engineer - Base Operating Systems Brno

Office: +420 532 294 275
Mobile: +420 731 455 332
Red Hat, Inc. http://cz.redhat.com/

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list