On Tue, Nov 13, 2012 at 02:07:53PM -0500, Matthias Clasen wrote: > A concrete action that we are going to take is to split the polkit daemon > into its own subpackage. Then minimal / certifiable installs can contain > clients that are using the polkit libraries, without pulling in the > daemon. Polkit clients are already expected to handle this situation and > fall back to allow only uid 0. All of this is documented in So, is it fair to say that this allows the choice of: * auditable but with root-only access * configurable policy that doesn't meet the requirements for some secure enterprise uses ? I'm not going to spend a lot of time to oppose that, but I will note that it's sad to lose the middle ground provided by key-value configuration, when that covers a lot of cases. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
