[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans

On Mon, 2009-11-23 at 22:32 +0000, Colin Walters wrote:
> On Mon, Nov 23, 2009 at 10:02 PM, James Morris <jmorris namei org> wrote:
> >
> >
> > Possibly (it could simply be that an updated policy is weaker for some
> > reason) -- but it doesn't matter, there should be no way to change MAC
> > policy without MAC privilege.
> It'd be nice here if we had the ability to only grant the ability to
> install applications, not packages.

 "applications" is still way too broad, IMO. Even if you limit it to
what I assume you meant, "Desktop applications", it's not obvious that
is good enough.

 A useful end goal seems more likely to be something like "allow 'local'
users to update/install signed/trusted versions of: fonts, codecs,
themes, games, editors". For bonus points you could make it possible for
them to remove packages they have installed.
 If done well this should even allow things like the "webadmin" role
being allowed to update/install apache related packages.

James Antill - james fedoraproject org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]