Le mardi 25 novembre 2008 à 13:03 -0500, David Zeuthen a écrit : > You are of course very free to do whatever you want with your operating > system but a couple of points here > > - ConsoleKit has nothing to do with assigning device permissions; dunno > know from where you got that idea. However, ConsoleKit as a mechanism > is typically used to dynamically manage ACL's on device nodes. I thought ConsoleKit was responsible for propagating the information about console seats that is used to set these permissions. Apparently this is wrong and pam_console is still responsible for it on Redhat, so please forgive the mistake. > - FWIW, mediating device access through group membership is > considered broken by most people that care about security [1]. > AFAIK, Ubuntu is moving away from it too. I am well aware that group membership is not a silver bullet. Still, I’d be glad if security people helped implement the missing pieces in the kernel rather than tell us every available solution we have is wrong :) > Again, you are free to do whatever you want in your OS. No one forces > you to use dynamic ACL's and if something in the future does that, then > I agree that it's problematic for something like GNOME to depend on. I see that we agree then. As long as this remains clear, I have no objection to making ConsoleKit a mandatory piece of the desktop. Actually, the uses that e.g. PulseAudio can have for it are really nice things to have. > Please avoid spreading misinformation. Thanks. This was certainly not my intention. Cheers, -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=