On Fri, 2022-02-18 at 13:54 +0100, Lennart Poettering wrote:
>
> sudo is what users/admins use. pkexec is what (desktop) programs often use.
In which case we can have the programs that use it depend on it, so at
least we have those requirements mapped distinctly. To me it makes more
sense to say
On Mi, 16.02.22 15:01, Adam Williamson (adamw...@fedoraproject.org) wrote:
> > > hence I am not against the feature but please tone down the wording
> > > regarding pkexec, it's misleading. Say you want to split it out to
> > > reduce the attack surface, but don't use the word "legacy" in its
> >
On Thu, 2022-02-17 at 15:29 -0500, Owen Taylor wrote:
>
> I just tried this, actually, for giggles. Two reasons it's a non-
> > starter: it prompts for the root password, not for my user password (my
> > user is an 'admin' so far as sudo etc. are concerned, but apparently
> > not an 'admin' so far
On Wed, 16 Feb 2022 09:17:41 -0800
Adam Williamson wrote:
> On Wed, 2022-02-16 at 12:12 -0500, Ben Cotton wrote:
> > https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec
> >
> > == Summary ==
> > Split `pkexec` from the polkit package and make it a recommended
> > only sub-packag
On Wed, Feb 16, 2022 at 12:14 PM Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec
> [..]
> `pkexec` and `pkla-compat`
> ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) are
> legacy tools that are no longer needed on a desktop and increase
On Wednesday, February 16, 2022 6:01:48 PM EST Adam Williamson wrote:
> I just tried this, actually, for giggles. Two reasons it's a non-
> starter: it prompts for the root password, not for my user password
> (my user is an 'admin' so far as sudo etc. are concerned, but
> apparently not an 'admin'
On Thu, Feb 17, 2022 at 2:28 PM Adam Williamson
wrote:
> On Wed, 2022-02-16 at 13:55 -0500, Neal Gompa wrote:
> > On Wed, Feb 16, 2022 at 12:38 PM Lennart Poettering
> > wrote:
> > >
> > > On Mi, 16.02.22 12:12, Ben Cotton (bcot...@redhat.com) wrote:
> > >
> > > > `pkexec` and `pkla-compat`
> >
On Wed, 2022-02-16 at 13:55 -0500, Neal Gompa wrote:
> On Wed, Feb 16, 2022 at 12:38 PM Lennart Poettering
> wrote:
> >
> > On Mi, 16.02.22 12:12, Ben Cotton (bcot...@redhat.com) wrote:
> >
> > > `pkexec` and `pkla-compat`
> > > ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) a
> https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec
> See in progress PR: https://src.fedoraproject.org/rpms/polkit/pull-request/2
From a comment in the PR:
> IMHO making polkit-pkla-compat optional is seriously risky. The
> configuration can contain “if user=foo deny” entries,
On Wed, Feb 16, 2022 at 12:38 PM Lennart Poettering
wrote:
>
> On Mi, 16.02.22 12:12, Ben Cotton (bcot...@redhat.com) wrote:
>
> > `pkexec` and `pkla-compat`
> > ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) are
> > legacy tools that are no longer needed on a desktop and increa
> I find this wording weird... I seriously doubt we should consider
> "pkexec" legacy. It's the much nicer approach to the "sudo"
> problem,
> as mentioned in earlier discussions...
>
> Splitting it off into a separate package might be OK, but claiming
> that the fact that it is a suid binary make
> Splitting them off but making them Recommended seems odd to me. At that
> point we've got all the work of splitting them but little of the
> benefit, because soft dependencies are included when building images,
> so our default installs are still going to include pkexec.
>
> Why not just not hav
On Mi, 16.02.22 12:12, Ben Cotton (bcot...@redhat.com) wrote:
> `pkexec` and `pkla-compat`
> ([https://src.fedoraproject.org/rpms/polkit-pkla-compat package]) are
> legacy tools that are no longer needed on a desktop and increase the
> attack surface as they are SetUID binaries (`pkexec`) or not
>
On Wed, 2022-02-16 at 12:12 -0500, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec
>
>
> == Summary ==
> Split `pkexec` from the polkit package and make it a recommended only
> sub-package. Similarly, make the polkit-pkla-compat package a
> recommended pac
https://fedoraproject.org/wiki/Changes/polkit_recommends_pkla_pkexec
== Summary ==
Split `pkexec` from the polkit package and make it a recommended only
sub-package. Similarly, make the polkit-pkla-compat package a
recommended package too. This will enable users and desktop no longer
relying on t
15 matches
Mail list logo
