Summary/Minutes from today's FESCo Meeting (2013-05-22)

> * #1115 guidance from FESCO on packagekit upstream policykit change
>   (nirik, 18:35:22)
>   * LINK: (nirik, 18:35:22)
>   * AGREED: local, active, admin user can update/remove/etc. signed
>     software w/o password. apps using this should not operate without
>     confirmation from the user. (nirik, 19:13:37)

FYI, I'd like to try to summarize some of the mitigating factors here
before sensational journalists get their hands on it.

This is *not* the same behavior as what we reverted in Fedora 12. Only
users that have been designated as "Administrators" (in Fedora, this
means membership in the 'wheel' group) will have the ability to
install *signed* packages without reauthenticating themselves
if-and-only-if they are the active user at the physical machine. We
determined that the added risk here is minimal (if someone has come up
to your unlocked system, they are most likely capable of doing far
greater harm).

To itemize what this policy change does *not* do:
 * It does *not* allow administrative users to install software over
an SSH connection without re-authenticating.
 * It does *not* allow non-administrative users to install software
without authenticating with administrative credentials.
 * It does *not* allow administrative users to have software installed
without presenting them with a confirmation dialog.
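As an added illustration, not from the meeting minutes or from PackageKit's own policy files, here is the agreed policy written in polkit's JavaScript rules syntax, together with a constructed stand-in for polkit's rule evaluation so the three "does not" cases above can be checked offline. Assumptions: the `polkit`/`subject` API shape is a stand-in for what real polkit provides in its own JS engine (Node does not have it), and the action IDs `org.freedesktop.packagekit.package-install` and `.package-install-untrusted` are PackageKit's signed and unsigned install actions.

```javascript
// Added example: the FESCo-agreed PackageKit policy as a polkit rules file,
// plus a constructed stand-in for polkit's rule engine so the decision
// logic runs under Node. Real polkit loads /etc/polkit-1/rules.d/*.rules
// in its own JavaScript engine and supplies the `polkit` object itself.
'use strict';

// --- stand-in for the polkit rules API (constructed, not polkit's code) ---
const rules = [];
const polkit = {
  addRule(fn) { rules.push(fn); },
  // NOT_HANDLED (null) means "this rule does not decide"; evaluation then
  // falls through to the action's .policy defaults (auth_admin here).
  Result: { YES: 'yes', NO: 'no', AUTH_ADMIN: 'auth_admin', NOT_HANDLED: null },
};

// --- the rule as it would appear in a file such as 50-packagekit.rules ---
polkit.addRule(function (action, subject) {
  // Only the *signed* install action; unsigned packages keep requiring auth.
  if (action.id !== 'org.freedesktop.packagekit.package-install') {
    return polkit.Result.NOT_HANDLED;
  }
  // subject.local : session on a physical seat (an SSH login is not local)
  // subject.active: the session currently active on that seat
  // wheel         : Fedora's "Administrator" group
  if (subject.local && subject.active && subject.isInGroup('wheel')) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});
// Note: the "confirmation dialog" requirement is the application's job
// (PackageKit / the GUI front end), not something polkit rules express.

// --- constructed evaluation: first rule that decides wins, else default ---
function decide(actionId, subject, defaultResult = polkit.Result.AUTH_ADMIN) {
  const action = { id: actionId };
  for (const rule of rules) {
    const r = rule(action, subject);
    if (r !== null && r !== undefined) return r;
  }
  return defaultResult;
}

// Builds a subject; `groups` is the constructed group list of the user.
function makeSubject({ local, active, groups }) {
  return { local, active, isInGroup: (g) => groups.includes(g) };
}
```

Each of the "does not" bullets maps to one call of `decide()` that must still yield `auth_admin`; only the local, active, wheel-member case yields `yes`.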
