Re: External dependencies, DeviceKit-power and GNOME Power Manager

Le mardi 25 novembre 2008 à 13:03 -0500, David Zeuthen a écrit :
> You are of course very free to do whatever you want with your operating
> system but a couple of points here
>  - ConsoleKit has nothing to do with assigning device permissions; dunno
>    know from where you got that idea. However, ConsoleKit as a mechanism
>    is typically used to dynamically manage ACL's on device nodes.

I thought ConsoleKit was responsible for propagating the information
about console seats that is used to set these permissions. Apparently
this is wrong and pam_console is still responsible for it on Redhat, so
please forgive the mistake.

>  - FWIW, mediating device access through group membership is
>    considered broken by most people that care about security [1].
>    AFAIK, Ubuntu is moving away from it too.

I am well aware that group membership is not a silver bullet. Still, I’d
be glad if security people helped implement the missing pieces in the
kernel rather than tell us every available solution we have is wrong :)

> Again, you are free to do whatever you want in your OS. No one forces
> you to use dynamic ACL's and if something in the future does that, then
> I agree that it's problematic for something like GNOME to depend on.

I see that we agree then. As long as this remains clear, I have no
objection to making ConsoleKit a mandatory piece of the desktop.
Actually, the uses that e.g. PulseAudio can have for it are really nice
things to have.

> Please avoid spreading misinformation. Thanks.

This was certainly not my intention.

: :' :      We are Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]