remove polkit from core?

[Bill Nottingham]

Steve Grubb (sgrubb at redhat.com) said: 
> > So, converting JavaScript rules to pkla syntax won't do any good. What is
> > worthwhile doing though, is to review all existing packages that ship such
> > rules, and stop them from doing that, if possible. JavaScript rules are
> > only meant for admin use, no OS-provided package should install them. We
> > only look in /usr/share to allow for the possibility of site-local
> > configuration that is distributed in packages.
> 
> Turning system configuration into a scriptable language is like going back in 
> time to the 70's and early 80's where you modified the source to have a 
> different behavior. Remember Basic programs where if you wanted it to do 
> something new, you change your copy so its better that the one people were 
> sharing?
> 
> It was decided a long time ago that its better to just have a parser that 
> looks for the things that people would commonly like to change. This way, you 
> have some assurance that the main binary has some integrity and you didn't 
> make some kind of typo that opens access for the world.

Given the move of most system configuration at a large scale to things
such as puppet and chef, I suspect that this argument has already lost in
the marketplace. Obviously, we should still support more locked down
configurations for the sites that need it, but programmatic application
of system configuration is likely to stay.

At least in the puppet/chef/etc cases you can tell when the system has
fallen out of the config, but other than a diff/hash you're not going to be
able to programmatically determine what it being out of configuration means
for the system operation itself.

Bill