Richard Hughes wrote:
> 2009/11/19 Jeff Garzik <jgarzik@xxxxxxxxx>:
>> 1) We should recognize this new policy departs from decades of Unix and
>> Linux sysadmin experience.
>
> Sure, it's different. It doesn't make it wrong.

But the real issues which have been pointed out do.

>> 2) F12 policy should be reverted to F11, ASAP. Possibly with a CVE.
>
> PolicyKit in F12 doesn't have the auth_admin (and save forever to
> disk) functionality that F11 did.

PackageKit can make remembering the authorization work without that feature. Or do you see any reason why:
https://bugzilla.redhat.com/show_bug.cgi?id=534047#c141
would not work? (That said, I also blame PolicyKit for this apparently intentional regression.)

> I think what we have in F12 is much more usable, perhaps trading off with
> the perceived loss of control.

I think you just picked the easy way out without realizing the consequences and are now spitting out bullsh*t to make us believe that decision made sense.

> I say perceived as actually typing in a root password doesn't actually
> make the system any more secure at all, less if anything.

How is it less secure to only allow users knowing the root password (i.e. presumably the administrator(s) of the machine; if somebody else knows the root password, you have a big problem!) to install packages on their system on their own than to allow everyone and their dog to do it just because they happen to be sitting at the keyboard?

>> 3) Due to #1, F13+ should not deviate from the decades-old default.
>
> Using that argument, we can just keep using GTK tools written in
> python, that use consolehelper to run 2 million lines of code as the
> root user on the users session. How wonderful.

That's a strawman. It wasn't his argument at all.

> Err, I don't think this is how we want to brand the desktop spin.
> Other spins just need to ship different defaults for all the other
> PolicyKit daemons too.

If anything, the GNOME desktop spin should be the one customizing the policy, the default should be secure. But I don't consider this default appropriate even for that one spin.

> Also, we've not made this change upstream lightly. We've got upstream
> review and policy documents which you might find useful:
>
> http://cgit.freedesktop.org/packagekit/plain/docs/security.txt
> http://cgit.freedesktop.org/packagekit/plain/docs/setting-the-proxy.txt
> http://cgit.freedesktop.org/packagekit/plain/policy/org.freedesktop.packagekit.policy.in

And still you failed to realize the obvious issues with this change?

        Kevin Kofler

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list