[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Am 2009-11-18 21:20, schrieb Jeff Spaleta:
On Wed, Nov 18, 2009 at 11:08 AM, Konstantin Ryabitsev
<icon fedoraproject org>  wrote:
Yes, this is security trade-off -- and with valid arguments. Does it
make sense to have this as a default configuration for a
desktop-oriented distribution? Quite possibly. Fedora installations in
managed environments have qualified sysadmins that can alter this
policy --

I'm not sure enough sysadmins understand PolicyKit enough to
confidently generate local policy edits.  I think learning how to
implement site specific PolicyKit best practises by modifying unwanted
PackageKit's behavior is going to be a trial by fire introduction to
PolicyKit policy editting for a lot of admins. We saw the same sort of
learning curve frustration when hal policy was introduced that changed
how hardware was handled.


I think this "feature" should have been a "Feature" along with the appropriate pros and cons and documentation. Instead we have a chorus of people saying "just turn it off" without anyone seemingly knowing the "correct" way of doing it.

Maybe we need a firstboot question to determine profiles.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]