On Mon, Nov 12, 2012 at 10:37:54AM -0500, Steve Grubb wrote:
> > > Of course, the real question is why the heck PolicyKit needs a Turing-
> > > complete rule language (which also forced everyone to port their
> > > existing rules) when the previously-used simple INI-style pkla rule
> > > format did the job just fine!
> Another problem is how would we do SCAP configuration checks when the
> language will allow 20 different ways to do the same thing? We might be
> able to do a SHA256 hash of the js. Which means you've completely lost any
> ability to modify the behaviour. In an ini file, we could pick out the
> lines that were important and check them only, allowing other settings we
> don't care about to change.
>
> Additionally, access control decisions should be audited. There are no 
> libaudit bindings for javascript.

I'm very sympathetic to these concerns, but this is the way the upstream
package has gone. How do we reconcile that?

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mat...@fedoraproject.org>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
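
Added example, not part of the original thread and not PolicyKit or SCAP code: a sketch of the contrast raised in the quoted message, checking only the lines of an INI-style pkla file that matter versus hashing the whole file. The action ids, the sample rules and the REQUIRED baseline are constructed for illustration.

```python
import configparser
import hashlib

# Constructed sample in the INI-style .pkla format; action ids are made up.
BASELINE = """\
[Restrict mounting]
Identity=unix-group:wheel
Action=org.example.storage.mount
ResultAny=no
ResultInactive=no
ResultActive=auth_admin

[Printer admin]
Identity=unix-group:lp
Action=org.example.printer.configure
ResultActive=yes
"""

# Hypothetical baseline: the only settings this check cares about.
REQUIRED = {"org.example.storage.mount":
            {"ResultAny": "no", "ResultActive": "auth_admin"}}

def check_pkla(text, required=REQUIRED):
    """Return findings; an empty list means every required line matches."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    findings = []
    for action, wanted in required.items():
        # Action= may list several ids separated by ';' (globs not expanded here)
        hits = [s for s in cp.sections()
                if action in cp.get(s, "Action", fallback="").split(";")]
        if not hits:
            findings.append(f"{action}: no rule found")
        for s in hits:
            for key, value in wanted.items():
                actual = cp.get(s, key, fallback=None)
                if actual != value:
                    findings.append(f"{action} [{s}]: {key}={actual!r}, expected {value!r}")
    return findings

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

# Unrelated setting edited: whole-file hash changes, targeted check still passes.
UNRELATED_EDIT = BASELINE.replace("ResultActive=yes", "ResultActive=auth_self")
# Setting the baseline cares about edited: targeted check reports it.
WEAKENED = BASELINE.replace("ResultAny=no", "ResultAny=yes")
```

A whole-file digest flags UNRELATED_EDIT as a deviation even though no required setting moved, while check_pkla stays quiet there and reports only WEAKENED.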
