Hello, On Wed, Sep 11, 2013 at 9:10 AM, Dhiru Kholia <dhiru.kholia@xxxxxxxxx> wrote: > In FESCo ticket #1115, it was decided to modify the privilege escalation > policy in order to allow local, active, admin user to update/remove/etc > signed software without requiring a password. <snip> > In FESCo ticket #1117, it was decided to extend this policy to > potentially cover other privileged operations. At this point, "we" are > looking for more use cases. Lot of such use cases are already listed on > the following page, The question FESCo was considering is not "which password prompts are annoying", but "what system-wide policy does something useful"? For example, the "Scope" part of https://fedoraproject.org/wiki/Privilege_escalation_policy is a general policy (providing a specific security-relevant promise), and the rest of the page is just a specific implementation. Similarly, see https://fedorahosted.org/fesco/ticket/1117#comment:2 attempts to approach the problem from a similar angle. Starting with annoying use cases an using them to find how the general policy needs to change does make a lot of sense, or course; I just wanted to make sure that the subject of the email does not mislead us into just killing passwords left and right. Mirek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
