2009/11/19 Richard Hughes <hughsi...@gmail.com>

> > So if I pick "personal desktop", the change you made makes sense. If on
> > the other hand, I choose "workstation" profile, I would obviously need a
> > more locked down profile.
>
> Surely if you're deploying a workstation (1000s of workstations?) you
> would just ship an extra package that set the PolicyKit policies
> according to the domain policy, so if I was a school, I would allow
> the active users to unplug removable drives, but not detach physical
> drives. I would also stop them installing and upgrading (not even give
> them the option to enter a root password) and also lock down who can
> change the clock. I would also prevent them from installing debuginfo
> files and being able to set their audio system to real-time priority.
>
> The real argument is what set of users upstream software should
> target. There's an argument for upstream to default to "no" for all
> actions and for the admin to install a policy for "desktop",
> "workstation" etc, but then there's just the related problem of what
> policy package to choose by default for "Fedora".

Why not choose them all? What about having packaged policy profiles?

policykit-profile-i-am-paranoid
policykit-profile-server
policykit-profile-controlled-deployment
policykit-profile-personal-desktop

In the live CD, install the last one by default; on the DVD, choose the server option. Either way, since it is a packaged profile, all someone will need to do to change to a different one is replace the RPM package with something appropriate.

In this case, I do not think it is an either/or situation.