On Tue, 2009-11-24 at 13:28 -0500, Bill Nottingham wrote:
I don't want to ship a desktop that doesn't let the user do useful things.
And you can ship a desktop SPIN that way. But the base pkgs should not install with an insecure set of choices.
If you want the spin to have a post-scriptlet which allows more things, then that's the choice of the desktop SIG over the desktop spin.
Given how .pkla works, this is likely to be done with packages, not with %post hackery. (Which should make it much easier to reliably test, as well.)
As I noted somewhat flippantly in another thread, this comes with the problem that, theoretically, a user who has the privileges to install packages at a relaxed security level could arbitrarily raise the security level of the system to a much higher level, against the wishes of the administrator.
Perhaps something akin to system-config-selinux would be needed to guard against this? I'm not sure how it could work in the PolicyKit framework, though.
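For readers unfamiliar with the .pkla mechanism the thread refers to, here is an added illustration (not from the thread or from any Fedora package) of how the "secure base, relaxed spin" split could be expressed with PolicyKit Local Authority files. The section names and the file names under the two directories are assumed for the example; the directory paths, the key names and the `org.freedesktop.packagekit.package-install` action are the real ones used by polkit's local authority backend and PackageKit.

```ini
; --- shipped by the base packages (vendor layer, lowest priority) ---
; File: /var/lib/polkit-1/localauthority/10-vendor.d/10-base-pkg-install.pkla
; Secure default: installing packages always requires an administrator
; to authenticate, even for the active local console user.
[Base: package install requires admin auth]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=auth_admin_keep

; --- shipped by a desktop spin package (also vendor layer, later file name wins) ---
; File: /var/lib/polkit-1/localauthority/10-vendor.d/20-desktop-spin-pkg-install.pkla
; Relaxed policy for the desktop spin: the active console user in the
; wheel group may install packages after authenticating as themselves.
[Desktop spin: wheel may install from the console]
Identity=unix-group:wheel
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=auth_self_keep

; --- dropped in by the local administrator (local layer, overrides vendor files) ---
; File: /etc/polkit-1/localauthority/50-local.d/50-admin-lockdown.pkla
; Because 50-local.d is consulted after 10-vendor.d, this setting wins
; regardless of which spin package was installed, which is the answer
; to the "who can raise or lower the policy" concern: the admin's file
; cannot be undone by installing another vendor package.
[Admin lockdown: nobody installs packages without admin auth]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=auth_admin
```

Within one directory the files are read in lexical order and a later file overrides an earlier one for the same action, and the `/etc/polkit-1/localauthority/50-local.d` directory is read after `/var/lib/polkit-1/localauthority/10-vendor.d`, so a spin package can relax the vendor default but cannot override a rule the administrator placed in the local directory. To see which rule actually applies for a given user, `pkcheck --action-id org.freedesktop.packagekit.package-install --process $$` (run as that user) reports whether the action is authorized or requires authentication.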