On Mon, Nov 12, 2012 at 10:37:54AM -0500, Steve Grubb wrote:
> > Of course, the real question is why the heck PolicyKit
needs a Turing-
> > complete rule language (which also forced everyone to port their
> > existing rules) when the previously-used simple INI-style pkla rule
> > format did the job just fine!
Another problem is how would we do SCAP configuration checks when the language
will allow 20 different ways to do the same thing? We might be able to do a
SHA256 has of the js. Which means you've completely lost any ability to modify
the behaviour. In an ini file, we could pick out the lines that were important
and check them only allowing other settings we don't care about to change.
Additionally, access control decisions should be audited. There are no
libaudit bindings for javascript.
I'm very sympathetic to these concerns, but this is the way the upstream
package has gone. How do we reconcile that?
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>