Re: Final (hopefully) privilege escalation policy draft

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2010-02-19 at 21:05 -0600, Matthew Woehlke wrote:
> Tim Waugh wrote:
> > On Mon, 2010-02-15 at 12:10 -0800, Adam Williamson wrote:
> >> That's correct. This is frankly a 'realistic' decision, on the basis
> >> that the PackageKit maintainer believes updating packages should be
> >> allowed for a regular user by default and intends to implement this, and
> >> I don't want to dictate this decision via the policy (that's not really
> >> what we're writing the policy for), so I'd rather just go with PK's
> >> choice there.
> >
> > The justification I remember for it was that authentication dialogs
> > should be for "exceptional" situations, not for things that might
> > regularly need to occur such as updates, and to avoid lulling users into
> > blinding typing passwords into dialogs every time they are presented
> > just to get stuff done.
> 
> What happened to 'ask the first time, and at the same time ask to change 
> the policy to make this action permitted without authentication'? 

It was taken out of PolicyKit 1.x. The PK devs consider it a bad
paradigm. There's more detail in discussions on that list (going back a
ways, I think).

> IMO 
> that's the right way. Either the user will be nagged *once*, or else 
> they have said that they want to be nagged.
> 
> And... IMO if the policy doesn't require this, then it fails to address 
> the point that was the entire reason for wanting such a policy in the 
> first place.

My reasoning for wanting a policy was to have a clear and central
definition of how Fedora intends to handle privilege escalation, not
necessarily to impose any tighter restrictions on privilege escalation
than were previously informally practiced.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux