are you annoyed by frequent password prompts?

Daniel J Walsh dwalsh at redhat.com
Wed Sep 11 12:53:24 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/11/2013 03:10 AM, Dhiru Kholia wrote:
> Hi,
> 
> In FESCo ticket #1115, it was decided to modify the privilege escalation 
> policy in order to allow local, active, admin user to update/remove/etc 
> signed software without requiring a password.
> 
> At this point, such an user can do "pkcon install <package>" to install 
> packages without being prompted for the password.
> 
> In FESCo ticket #1117, it was decided to extend this policy to potentially
> cover other privileged operations. At this point, "we" are looking for more
> use cases. Lot of such use cases are already listed on the following page,
> 
> https://fedoraproject.org/wiki/Privilege_escalation_policy
> 
> Here is a sample use case; ability to launch my own VMs using virt-manager
> without authenticating every time.
> 
> Do *you* have a use case of your own? Here is your chance to get rid of 
> those password prompts for your own use case!
> 
> Please *note* that these policies can be modified locally (or disabled 
> altogether) to fit different situations. An option to *specifically* enable
> or disable such privilege escalation policy can be given at the install
> time or / and run-time. Thoughts?
> 
> Also *note* that the goal of this email (and the ticket in general) is to
> promote brainstorming at this point. I'm not saying or promising that "we"
> are going to do everything you guys demand.
> 
> Some of you may find http://tinyurl.com/linus-printer to be relevant here.
> 
> FESCo Tickets ==============
> 
> https://fedorahosted.org/fesco/ticket/1115
> 
> https://fedorahosted.org/fesco/ticket/1117
> 
> Bugzilla Links ==============
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=975214
> 
Is the policy as far as installing packages on getting them from a signed repo
or does it allow me to install a random package I download from the internet.

Signed Repo not a bad idea.  Random crap from the internet not a good idea.
Since firefox can out and crab stuff to install, and I would never no.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIwZ8QACgkQrlYvE4MpobM2NgCgw82uvwwcy7MpVJpJ7wfTKRSA
sMkAoMnj54B14HcCnJXwrpjhAPp44CYq
=ohvd
-----END PGP SIGNATURE-----


More information about the devel mailing list