Fredrik Tolf [2009-05-04 21:37 +0000]: > Just in case I wasn't clear enough, my argument is this: Without > PolicyKit, I had to take explicit action in order to grant privileges to > users, while with PolicyKit, I have to take explicit action in order to > *not* grant privileges to users.
That's not an inherent property of PK vs. groups, but a matter of default configuration. E. g. the installer used to put the default user into plugdev, powerdev, etc., and users-admin (from gnome-system-tools) did similar things for a "desktop user". Likewise, there are PolicyKit privileges which you don't have as an user, for good reason (like mounting an internal hard disk). The job of us as a distro is to provide a sensible default configuration which provides a good balance between security and usability. For example, it doesn't make much sense to deny access to an USB camera or scanner to an user at a local console; he has physical access to those devices, after all. On the other hand, an user logging in through ssh should arguably not have these capabilities. Thus I am very much against making PK optional. It will only aggravate the confusion, since there will be systems which use PK and some which don't. History showed that device access privileges can't be sensibly mapped to and maintained with static group membership, so we should settle to _one_ system of verifying privileges, also to be compatible with the rest of the world. To be fair, I had very similar feelings like you when I heared about PK the first time, since it seemed to be that ominous new thing which opened root holes in the background. :-) Just my € 0.02, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org