remove polkit from core?

Matthew Miller mattdm at fedoraproject.org
Mon Nov 12 16:31:40 UTC 2012


On Mon, Nov 12, 2012 at 10:37:54AM -0500, Steve Grubb wrote:
> > > Of course, the real question is why the heck PolicyKit needs a Turing-
> > > complete rule language (which also forced everyone to port their
> > > existing rules) when the previously-used simple INI-style pkla rule
> > > format did the job just fine!
> Another problem is how would we do SCAP configuration checks when the language 
> will allow 20 different ways to do the same thing? We might be able to do a 
> SHA256 hash of the js. Which means you've completely lost any ability to modify 
> the behaviour. In an ini file, we could pick out the lines that were important 
> and check them only allowing other settings we don't care about to change.
>
> Additionally, access control decisions should be audited. There are no 
> libaudit bindings for javascript.

I'm very sympathetic to these concerns, but this is the way the upstream
package has gone. How do we reconcile that?

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>
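
The contrast drawn in the quoted paragraph above, between hashing a whole rules file and checking only the lines that matter in an INI-style .pkla file, shown as an added example that is not part of the original thread. The sample files, the `CHECKED_KEYS` policy and the function names are constructed for illustration.

```python
import configparser
import hashlib

# Constructed sample .pkla files (not from the thread). A and B are both
# acceptable; they differ only in a setting the check does not care about.
PKLA_A = """\
[Wheel may manage networking]
Identity=unix-group:wheel
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=yes
"""
PKLA_B = PKLA_A.replace("unix-group:wheel", "unix-group:netadmin")
# Constructed failing case: authorization granted to any session.
PKLA_BAD = PKLA_A.replace("ResultAny=no", "ResultAny=yes")

# Hypothetical policy for this example: these keys must never be "yes".
CHECKED_KEYS = ("ResultAny", "ResultInactive")


def parse_pkla(text):
    # "=" is the only delimiter so values such as "unix-group:wheel" stay whole.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep key names as written (default lowercases)
    parser.read_string(text)
    return parser


def findings(text):
    """Return (section, key, value) for every checked key set to 'yes'."""
    parser = parse_pkla(text)
    bad = []
    for section in parser.sections():
        for key in CHECKED_KEYS:
            value = parser.get(section, key, fallback="").strip()
            if value == "yes":
                bad.append((section, key, value))
    return bad


def digest(text):
    """Whole-file SHA-256: changes on any edit, relevant or not."""
    return hashlib.sha256(text.encode()).hexdigest()


if __name__ == "__main__":
    for name, text in (("A", PKLA_A), ("B", PKLA_B), ("BAD", PKLA_BAD)):
        print(name, digest(text)[:12], findings(text))
```

Files A and B pass the key-level check while producing different digests, so a hash baseline would flag B even though nothing the check cares about changed.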

