PackageKit policy: background and plans
Adam Williamson
awilliam at redhat.com
Tue Nov 24 14:56:08 UTC 2009
On Mon, 2009-11-23 at 19:01 -0500, Gregory Maxwell wrote:
> On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating <jkeating at j2solutions.net> wrote:
> > This is precisely the dialog that has been removed from F12 and is not
> > planned to be returned.
>
> My understanding was that this was removed because collecting the root password
> during a user session is insecure because there could be a sniffer or the dialog
> could be faked.
>
> If I understand you correctly you are saying that even if this weakness were
> addressed (e.g. through whatever means make fast user switching secure) that
> the feature would not be re-introduced. Am I misunderstanding?
>
> If I am not misunderstand, can you point me to the real reason that this feature
> was removed?
Your understanding is not correct. The 'feature that was removed' is
retention of authorizations (for more than a very short period).
PolicyKit 0.x had keep_always policies, which asked a user to
authenticate for an operation just once and then kept that authorization
indefinitely. These are what were removed in PolicyKit 1.x, leaving only
the keep policies, which retain authorization for just a few minutes.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the fedora-devel-list
mailing list