On Fri, 2010-02-19 at 21:05 -0600, Matthew Woehlke wrote: > Tim Waugh wrote: > > On Mon, 2010-02-15 at 12:10 -0800, Adam Williamson wrote: > >> That's correct. This is frankly a 'realistic' decision, on the basis > >> that the PackageKit maintainer believes updating packages should be > >> allowed for a regular user by default and intends to implement this, and > >> I don't want to dictate this decision via the policy (that's not really > >> what we're writing the policy for), so I'd rather just go with PK's > >> choice there. > > > > The justification I remember for it was that authentication dialogs > > should be for "exceptional" situations, not for things that might > > regularly need to occur such as updates, and to avoid lulling users into > > blinding typing passwords into dialogs every time they are presented > > just to get stuff done. > > What happened to 'ask the first time, and at the same time ask to change > the policy to make this action permitted without authentication'? It was taken out of PolicyKit 1.x. The PK devs consider it a bad paradigm. There's more detail in discussions on that list (going back a ways, I think). > IMO > that's the right way. Either the user will be nagged *once*, or else > they have said that they want to be nagged. > > And... IMO if the policy doesn't require this, then it fails to address > the point that was the entire reason for wanting such a policy in the > first place. My reasoning for wanting a policy was to have a clear and central definition of how Fedora intends to handle privilege escalation, not necessarily to impose any tighter restrictions on privilege escalation than were previously informally practiced. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel