-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/22/2013 03:30 PM, Kevin Fenzi wrote: > * #1115 guidance from FESCO on packagekit upstream policykit > change (nirik, 18:35:22) * LINK: > https://fedorahosted.org/fesco/ticket/1115 (nirik, 18:35:22) * > AGREED: local, active, admin user can update/remove/etc. signed > software w/o password. apps using this should not operate without > confirmation from the user. (nirik, 19:13:37) > FYI, I'd like to try to summarize some of the mitigating factors here before sensational journalists get their hands on it. This is *not* the same behavior as what we reverted in Fedora 12. Only users that have been designated as "Administrators" (in Fedora, this means membership in the 'wheel' group) will have the ability to install *signed* packages without reauthenticating themselves if-and-only-if they are the active user at the physical machine. We determined that the added risk here is minimal (if someone has come up to your unlocked system, they are most likely capable of doing far greater harm). To itemize what this policy change does *not* do: * It does *not* allow administrative users to install software over an SSH connection without re-authenticating. * It does *not* allow non-administrative users to install software without authenticating with administrative credentials * It does *not* allow administrative users to have software installed without presenting them with a confirmation dialog. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGdKYkACgkQeiVVYja6o6P4mACdEp4Tfhhvqb1BZaFkHYyPERGq HL8An2aBmzqAlCYHVFyJ7HM3PwY1G1UB =/e0C -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
