Local users get to play root?

Jeff Spaleta jspaleta at gmail.com
Wed Nov 18 20:20:07 UTC 2009


On Wed, Nov 18, 2009 at 11:08 AM, Konstantin Ryabitsev
<icon at fedoraproject.org> wrote:
> Yes, this is security trade-off -- and with valid arguments. Does it
> make sense to have this as a default configuration for a
> desktop-oriented distribution? Quite possibly. Fedora installations in
> managed environments have qualified sysadmins that can alter this
> policy --

I'm not sure enough sysadmins understand PolicyKit enough to
confidently generate local policy edits.  I think learning how to
implement site specific PolicyKit best practises by modifying unwanted
PackageKit's behavior is going to be a trial by fire introduction to
PolicyKit policy editting for a lot of admins. We saw the same sort of
learning curve frustration when hal policy was introduced that changed
how hardware was handled.

-jef




More information about the fedora-devel-list mailing list