remove polkit from core?
Matthew Miller
mattdm at fedoraproject.org
Tue Nov 13 19:32:17 UTC 2012
On Tue, Nov 13, 2012 at 02:07:53PM -0500, Matthias Clasen wrote:
> A concrete action that we are going to take is to split the polkit daemon
> into its own subpackage. Then minimal / certifiable installs can contain
> clients that are using the polkit libraries, without pulling in the
> daemon. Polkit clients are already expected to handle this situation and
> fall back to allow only uid 0. All of this is documented in
So, is it fair to say that this allows the choice of:
* auditable but with root-only access
* configurable policy that doesn't meet the requirements for some secure
enterprise uses
?
I'm not going to spend a lot of time to oppose that, but I will note that
it's sad to lose the middle ground provided by key-value configuration, when
that covers a lot of cases.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
More information about the devel
mailing list