polkit-gnome-authorization missing
Jeroen van Meeuwen
kanarip at kanarip.com
Tue Oct 20 17:59:09 UTC 2009
On 10/20/2009 04:06 PM, David Zeuthen wrote:
> On Sun, 2009-10-18 at 13:21 +0200, Jeroen van Meeuwen wrote:
>> On 10/17/2009 10:34 PM, David Zeuthen wrote:
>>> On Sat, 2009-10-17 at 09:49 +0530, Rahul Sundaram wrote:
>>>> To help me understand this better, can you give me a example? Let's say
>>>> I want to tweak PackageKit's policy to not ask for root password even
>>>> when untrusted packages are being installed,
>>>
>>> (this is not a good idea but let's ignore that for the time being)
>>>
>>
>> Actually you're not in a position to determine whether this is or is not
>> a good idea.
>
> Actually I'm uniquely qualified to make statements like that since I
> wrote the mechanism (e.g. PolicyKit) allowing people to aim for their
> foot and blow their whole leg off.
>
> (Allowing people to hang themselves (or shoot their leg or foot off or
> whatever) is of course not the goal of PolicyKit... but since PolicyKit
> is a security-mechanism it does allow people to do such things even if
> they are crazy.)
>
> Mind you, not only am I qualified to make such statements, it's my
> goddamn responsibility, as the author of the software, to tell people
> "don't do that, it's a root-exploit in the making" - especially if it's
> on a public mailing list where authors of "helpful" guides a'la "How to
> make Fedora Work" recipes etc. will find the discussion via Google and
> other search engines.
>
Good god... So this is how you think you can determine whether allowing
users to install unsigned packages is a good idea or not, better then
anyone else can? I'm doubting whether you've ever administered some
real-life desktop systems
FWIW, I love PolicyKit for giving me more granular control (potentially)
over what users can do; I wouldn't want them to remove my configuration
management packages for example, but sudo yum privileges often extend
too much beyond the boundaries of what is acceptable delegation. That
is, in most of the situations where I manage desktop systems.
-- Jeroen
More information about the Fedora-desktop-list
mailing list