are you annoyed by frequent password prompts?

Miloslav Trma─Ź mitr at volny.cz
Mon Sep 30 14:22:40 UTC 2013


Hello,
On Wed, Sep 11, 2013 at 9:10 AM, Dhiru Kholia <dhiru.kholia at gmail.com> wrote:
> In FESCo ticket #1115, it was decided to modify the privilege escalation
> policy in order to allow local, active, admin user to update/remove/etc
> signed software without requiring a password.
<snip>
> In FESCo ticket #1117, it was decided to extend this policy to
> potentially cover other privileged operations. At this point, "we" are
> looking for more use cases. Lot of such use cases are already listed on
> the following page,

The question FESCo was considering is not "which password prompts are
annoying", but "what system-wide policy does something useful"?  For
example, the "Scope" part of
https://fedoraproject.org/wiki/Privilege_escalation_policy is a
general policy (providing a specific security-relevant promise), and
the rest of the page is just a specific implementation.  Similarly,
see https://fedorahosted.org/fesco/ticket/1117#comment:2 attempts to
approach the problem from a similar angle.

Starting with annoying use cases an using them to find how the general
policy needs to change does make a lot of sense, or course; I just
wanted to make sure that the subject of the email does not mislead us
into just killing passwords left and right.
    Mirek


More information about the devel mailing list