On Wed, 2009-11-18 at 22:38 +0000, Richard Hughes wrote:
> 2009/11/18 Jeff Garzik <jgarzik(a)pobox.com>:
> > And this enormous security hole of a policy change was done with next to
> > /zero/ communication, making it likely that many admins will not even know
> > they are vulnerable until their kids install a bunch of unwanted packages.
>
> F11 had retained authorisations, which arguably were more of a
> security weakness. If rawhide had been signed during the F12 cycle
> everybody would have seen this change much earlier.
>
> If you're deploying F12, then I really think you should know the
> basics about PolicyKit.

Richard,
let's reverse it then.

If it is so simple and if all our users should know about PolicyKit,
then it should be no problem delivering a more secure policy by default,
and let people change the policy to less secure if they want.

Deal?

Simo.

--
Simo Sorce * Red Hat, Inc * New York