[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Mon, 2009-11-23 at 19:01 -0500, Gregory Maxwell wrote:
> On Mon, Nov 23, 2009 at 6:43 PM, Jesse Keating <jkeating j2solutions net> wrote:
> > This is precisely the dialog that has been removed from F12 and is not
> > planned to be returned.
> 
> My understanding was that this was removed because collecting the root password
> during a user session is insecure because there could be a sniffer or the dialog
> could be faked.
> 
> If I understand you correctly you are saying that even if this weakness were
> addressed (e.g. through whatever means make fast user switching secure) that
> the feature would not be re-introduced.  Am I misunderstanding?
> 
> If I am not misunderstand, can you point me to the real reason that this feature
> was removed?

Your understanding is not correct. The 'feature that was removed' is
retention of authorizations (for more than a very short period).
PolicyKit 0.x had keep_always policies, which asked a user to
authenticate for an operation just once and then kept that authorization
indefinitely. These are what were removed in PolicyKit 1.x, leaving only
the keep policies, which retain authorization for just a few minutes.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]