Draft privilege escalation policy for comments

Kevin Kofler kevin.kofler at chello.at
Sat Jan 30 07:33:12 UTC 2010


Adam Williamson wrote:
> Please do provide any and all feedback on the proposed policy. If we can
> get it into a shape which most people on the list would find acceptable,
> my next step will be to take it back to FESco for them to review.
> Thanks.

From the proposal:

> Add, remove, upgrade or downgrade any system-wide application or shared
> resource (packaged or otherwise)

The current PackageKit policy in F12 updates still allows upgrading (as 
opposed to installing or removing, not sure about downgrading, does 
PackageKit even support that?) packages without root authentication. Is this 
intended to be changed as part of the proposal or should the proposal be 
fixed instead (just remove "upgrade" from the sentence)?

> New and changed privilege escalation mechanisms

Is the bureaucracy in this section really necessary? AFAICT what was missing 
when the F12 PackageKit change was made was the informative part of the 
proposal, the maintainer just didn't know what he should be allowing and 
what not. I don't think the enforcement part is really needed, maintainers 
should be able to get it right on their own given the detailed list of evil 
things to avoid which the proposal provides and I haven't seen any evidence 
as to the contrary (again, the PackageKit example is not applicable because 
the PackageKit maintainer did NOT have such a list to go by when he made his 
change; there's no reason to believe he'd have made that change in spite of 
it).

        Kevin Kofler


