raising warning flag on firewalld-default feature
Przemek Klosowski
przemek.klosowski at nist.gov
Wed Nov 21 15:01:07 UTC 2012
On 11/21/2012 05:50 AM, Rahul Sundaram wrote:
> On Tue, Nov 20, 2012 at 3:39 PM, Przemek Klosowski wrote:
>
> It can be made simple, if you look at it the right way. One wouldn't
> start with a generic interpreter, but rather evaluate the config
> script in a domain-specific context.
> I think you just agreed in a roundabout way It *could* be made simple
> perhaps but there is no documentation or best practices document that
> covers how sysadmins are supposed to handle the simple configuration
> needs like the pkla format did. Replacing pkla with the ability to run
> Javascript doesn't make them feel powerful. It just makes them uneasy.
> Sysadmins are not typically familiar with Javascript. A lot of GNOME
> developers these days are but that doesn't translate into a good design
> for PolicyKit.
I agree that this is not optimal--I think what happened was the original
design intended to embed the logic in the compiled code, then the
requirement for flexibility required the scripting capability, and the
Javascript library was available for embedding, and PK ended with an
interpreter bag sutured to its side.
This discussion started by someone's criticism of scripting, and I
started to point out that scripting is useful and often necessary, so it
finds its way in anyway---so if we just accepted this and embraced
scripting, and tried to settle on a common, best practices way, it is
possible to do it so that it's simple in the straightforward cases, and
scales up to complex logic if needed.
More information about the devel
mailing list