On Thu, 2009-11-19 at 21:29 -0500, Owen Taylor wrote:
>
> I'm writing this mail somewhat by default: the people who really matter
> are the maintainers of the relevant packages, but Richard has gone to
> bed, and David Zeuthen and Matthias Clasen are on vacation this week.
> I'll try to reflect what they would say; much of it is certainly my own
> personal take on things instead.

[...]

>
> Executive summary
> =================
>
> We'll make an update to the F12 PackageKit, so that the root password is
> required to install packages.

Wow, I go on vacation for a week, and as a welcome-back-present I get
this 1000+-message monster thread :-)

Thanks for filling in for me so eloquently, Owen.

I thought I should follow up and provide some more clarifications on the
changes that have happened in PolicyKit and where we hope to get to,
user-experience-wise.

First of all, you should realize that the PolicyKit in F12 is quite
different from the one in F11, which should already be apparent from the
package name change (from PolicyKit to polkit). Many of the changes that
happened on the way are about making PolicyKit more 'enterprise-ready'
and maintainable:

1) The daemon has been refactored to allow separate backends. PolicyKit
   itself ships a 'local files' backend, but all the infrastructure is
   in place to write a backend that e.g. determines its policy by
   talking to a directory server.

2) The 'action definitions' (in /usr/share/polkit-1/actions/) have been
   separated from the policy itself (in
   /var/lib/polkit-1/localauthority/).

3) Policy for the 'local files' backend can easily be overridden on a
   site-, org-, or local- granularity.

4) Policy for the 'local files' backend can be defined based on group
   membership.

4) There is quite a bit of useful documentation in polkit(8) and
   pklocalauthority(8). Docs could of course always be improved, but
   David has every reason to be proud of the amount of work he invested
   in the polkit docs, in my opinion.

Then there have been a few changes where things in PolicyKit 0.9 were
just not quite right:

5) Retained authorizations have already been discussed as a somewhat
   questionable feature. It also leads to awkward UI (nested
   checkboxes), so these have been removed.

6) polkit-gnome-authorization was really not a usable tool to configure
   policy. At best, it was a debug tool. It has been removed. If people
   are desperate to have a similar policy tweak tool back, it is
   certainly possible to implement one for the local files backend (it
   doesn't really make sense for e.g. a directory server backend), but
   that is not our priority.

Our plan for policy configuration, as Owen explained, is to ship a
default set of roles and have a simple user interface that allows
roles to be assigned to users. The roles will use the ability of the
local files backend to define group-based policy. In fact, we already
have a package defining such roles: polkit-desktop-policy.

The one thing that we did not get done for F12 is the user interface
that allows roles to be easily assigned to users. The plans for that are
outlined here:
http://www.fedoraproject.org/wiki/Features/UserAccountDialog

Once we have roles in place, the package defaults for authorizations
(i.e. what gets installed in the .policy files) should be changed to be
very restrictive.

Matthias
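
The group-based 'local files' policy described in the mail above can be audited for entries that grant an action without any authentication. The following is an added example, not part of the original mail and not polkit's own code: it parses the key-file format documented in pklocalauthority(8) and lists entries answering `yes` for a given action. The sample policy, the group names and the `org.example.*` action ids are constructed, and the check does not model ordering or overrides between policy files.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample in the pklocalauthority(8) key-file format; the group
# names and action ids are hypothetical, chosen only for illustration.
SAMPLE_PKLA = """
[Staff may install packages]
Identity=unix-group:staff
Action=org.example.packages.install
ResultAny=no
ResultInactive=no
ResultActive=yes

[Admins must authenticate]
Identity=unix-group:sysadmins;unix-user:alice
Action=org.example.packages.*
ResultAny=no
ResultInactive=no
ResultActive=auth_admin
"""

RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")

def parse_pkla(text):
    """Return one dict per [section]: identities, action globs, results."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    entries = []
    for name in cp.sections():
        sec = cp[name]
        entries.append({
            "name": name,
            "identities": [i for i in sec.get("Identity", "").split(";") if i],
            "actions": [a for a in sec.get("Action", "").split(";") if a],
            "results": {k: sec[k] for k in RESULT_KEYS if k in sec},
        })
    return entries

def passwordless_grants(entries, action_id):
    """Entries whose action globs match action_id and that answer 'yes'."""
    hits = []
    for e in entries:
        if not any(fnmatchcase(action_id, g) for g in e["actions"]):
            continue
        for key, value in e["results"].items():
            if value == "yes":  # 'yes' means no authentication is requested
                hits.append((e["name"], tuple(e["identities"]), key))
    return hits
```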