On Thu, 2014-12-04 at 16:07 +0100, Ludovic Rousseau wrote: > >> Should I revert the patch? > > The drawback of that approach is that each accept()ed session will be > > blocked > > until the password is entered and sent by the user. If the user goes for > > lunch > > without entering a password that session will be blocked from processing any > > other requests. I cannot predict how that would affect typical pcscd usage. > > I think that it would be better for that change to be combined with using > > polkit > > asynchronously. > IsClientAuthorized() is called only from ContextThread(). This code is > running in a thread dedicated to the PC/SC client (in fact dedicated > to a SCardEstablishContext context). So blocking this thread should > not affect the other pcscd tasks.
I remember I have practical issues with polkit authentication enabled, and that why it was explicitly disabled. It's been some time and I may be wrong, but you may know better whether an application (e.g. a gnome component) could potentially use a single pcscd connection for multiple requests sent in parallel. If Stanislav has, however, tested such use cases and they cause no issue I have no problem with the change. > Stanislav Brabec wrote: > Well, We can keep the patch and change defaults. Then the default > configuration can never cause delays, but users of ssh remote sessions > and so will still be able to authorize after admin's conscious changes > of configuration. I find that wrong. The policy should not be used to correct a software issue. regards, Nikos _______________________________________________ Pcsclite-muscle mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
