Final (hopefully) privilege escalation policy draft

Adam Williamson awilliam at
Tue Feb 23 02:12:05 UTC 2010

On Fri, 2010-02-19 at 21:05 -0600, Matthew Woehlke wrote:
> Tim Waugh wrote:
> > On Mon, 2010-02-15 at 12:10 -0800, Adam Williamson wrote:
> >> That's correct. This is frankly a 'realistic' decision, on the basis
> >> that the PackageKit maintainer believes updating packages should be
> >> allowed for a regular user by default and intends to implement this, and
> >> I don't want to dictate this decision via the policy (that's not really
> >> what we're writing the policy for), so I'd rather just go with PK's
> >> choice there.
> >
> > The justification I remember for it was that authentication dialogs
> > should be for "exceptional" situations, not for things that might
> > regularly need to occur such as updates, and to avoid lulling users into
> > blindly typing passwords into dialogs every time they are presented
> > just to get stuff done.
> What happened to 'ask the first time, and at the same time ask to change 
> the policy to make this action permitted without authentication'? 

It was taken out of PolicyKit 1.x. The PK devs consider it a bad
paradigm. There's more detail in discussions on that list (going back a
ways, I think).

> IMO 
> that's the right way. Either the user will be nagged *once*, or else 
> they have said that they want to be nagged.
> And... IMO if the policy doesn't require this, then it fails to address 
> the point that was the entire reason for wanting such a policy in the 
> first place.

My reasoning for wanting a policy was to have a clear and central
definition of how Fedora intends to handle privilege escalation, not
necessarily to impose any tighter restrictions on privilege escalation
than were previously informally practiced.

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
