On Mi, 16.02.22 12:12, Ben Cotton (bcot...@redhat.com) wrote: > `pkexec` and `pkla-compat` > ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) are > legacy tools that are no longer needed on a desktop and increase the > attack surface as they are SetUID binaries (`pkexec`) or not > maintained anymore (`pkla-compat`).
I find this wording weird... I seriously doubt we should consider "pkexec" legacy. It's the much nicer approach to the "sudo" problem, as mentioned in earlier discussions... Splitting it off into a separate package might be OK, but claiming that the fact that it is a suid binary makes it "legacy" sounds really strange to me, by that means we should also mark "sudo", "su", "ping", "mount", "umount", "write", "passwd", … and so on "legacy", but I doubt we are at that point, are we? hence I am not against the feature but please tone down the wording regarding pkexec, it's misleading. Say you want to split it out to reduce the attack surface, but don't use the word "legacy" in its context. (dropping "pkla-compat" given its unmaintained state is Ok to be called "legacy" i guess) Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
