Package: hal
Version: 0.5.12~git20090406.46dc48-2
Severity: important
I think that it is a bad thing that HAL started depending on PolicyKit in the latest versions. PolicyKit introduces a whole new, parallel security system, and it does not seem to be well-known how it works or how to properly administer it (I, for one, certainly don't know how it works, at least). Therefore, it may introduce security holes unknown to the maintainer of some systems. In particular, seeing how HAL is required by so many things (GNOME and KDE, for example), it may even install PolicyKit without the administrator knowing about it (installing GNOME or KDE pulls in so many other packages anyway that it might be hard to spot PolicyKit among them; I almost missed it in the latest dist-upgrade).

I have not researched it in detail yet, so I don't really know if it's a good solution, but I would suggest some optional bridge package which integrates HAL and PolicyKit, and which can be installed by those who want PolicyKit.

Of course, it is true that the same thing may be said of HAL as well, but since the entire purpose of PolicyKit is to introduce a new layer of security and permissions, I would consider it even more dangerous.
-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (400, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages hal depends on:
ii  adduser       3.110                        add and remove users and groups
ii  dbus          1.2.12-1                     simple interprocess messaging syst
pn  hal-info      <none>                       (no description available)
ii  libc6         2.9-4                        GNU C Library: Shared libraries
ii  libdbus-1-3   1.2.12-1                     simple interprocess messaging syst
ii  libdbus-glib  0.80-3                       simple interprocess messaging syst
ii  libexpat1     2.0.1-4                      XML parsing C library - runtime li
ii  libgcc1       1:4.3.3-3                    GCC support library
ii  libglib2.0-0  2.20.0-2                     The GLib library of C routines
ii  libhal-stora  0.5.12~git20090406.46dc48-2  Hardware Abstraction Layer - share
ii  libhal1       0.5.12~git20090406.46dc48-2  Hardware Abstraction Layer - share
ii  libsmbios2    2.0.3.dfsg-1                 Provide access to (SM)BIOS informa
ii  libstdc++6    4.3.3-3                      The GNU Standard C++ Library v3
ii  libusb-0.1-4  2:0.1.12-13                  userspace USB programming library
ii  libvolume-id  0.125-7                      libvolume_id shared library
ii  lsb-base      3.2-22                       Linux Standard Base 3.2 init scrip
ii  mount         2.13.1.1-1                   Tools for mounting and manipulatin
ii  pciutils      1:3.1.2-3                    Linux PCI Utilities
pn  pm-utils      <none>                       (no description available)
ii  udev          0.141-1                      /dev/ and hotplug management daemo
ii  usbutils      0.73-10                      Linux USB utilities

Versions of packages hal recommends:
ii  eject          2.1.5+deb1+cvs20081104-5  ejects CDs and operates CD-Changer
pn  libsmbios-bin  <none>                    (no description available)

Versions of packages hal suggests:
pn  gnome-device-manager  <none>  (no description available)