Final (hopefully) privilege escalation policy draft
Adam Williamson
awilliam at redhat.com
Mon Feb 15 20:10:33 UTC 2010
On Sun, 2010-02-14 at 19:42 +0100, Davide Cescato wrote:
> I just noticed that updating an already installed package no longer is
> on the list of actions requiring administrative privileges. This was not
> the case in earlier versions of the policy, which I found correct. The
> change entered the policy starting from the draft published on February
> 1. After a quick search, I was unable to find a justification for this
> change.
That's correct. This is frankly a 'realistic' decision, on the basis
that the PackageKit maintainer believes updating packages should be
allowed for a regular user by default and intends to implement this, and
I don't want to dictate this decision via the policy (that's not really
what we're writing the policy for), so I'd rather just go with PK's
choice there.
This is, of course, only a configuration choice, so in any installation
you could easily adjust the PolicyKit permissions and stop your users
being able to install updates.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the devel
mailing list