Colin Walters wrote:
> An example of something that would be different between the RPM
> package and desktop spin is the policy for software installation. In
> the RPM package it should be either none allowed or "initiate updates
> only", whereas the desktop spin would allow clickthrough for arbitrary
> RPM installation. (This is mainly relevant in the future when we
> don't have a separate root password in important places in the UI
> flow).
The current policy is already safe for a shared lab. You cannot install
software as a user who hasn't authenticated as root (for the purpose of
sofware installation – PolicyKit rights are per task!) at least once. If, as
the admin, you're installing software from a user's account, you can uncheck
the box to remember authentication. And you cannot do anything which can
really break something, e.g. removing packages, without authenticating as
root EACH TIME.
Kevin Kofler
--
fedora-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-devel-list
