remove polkit from core?

Tue Nov 13 09:24:07 UTC 2012

On 11/12/2012 08:00 PM, Steve Grubb wrote:

> except that most admins will never be able to do this. The only people that
> get any flexibility are people who manage their own system. Everyone else
> likely has some compliance issues and they have to be verifiably in
> configuration. What will happen is the generic js file will be SHA256 hashed and
> we'll check the file's hash in SCAP and report the system as out of
> configuration.

This isn't completely sufficient—you also have to make sure that there 
isn't another Javascript snippet which overrides the operation of the 
valid script.

-- 
Florian Weimer / Red Hat Product Security Team