PolicyKit 0.90 (pre-)release

Richard Hughes hughsient at gmail.com
Wed Jan 21 04:57:33 PST 2009


On Wed, 2009-01-21 at 02:23 -0500, David Zeuthen wrote:
>  http://cgit.freedesktop.org/~david/polkit/tree/

How come not in the main PolicyKit git repo? :-)

> To recap, the main motivation for this rewrite is to make it easier to
> write backends that read authorizations from a networked resource (such
> as an LDAP server).

Cool.

>  - GLib is used throughout so the porting issues (for BSD and Solaris)
>    with libkit etc. should be a thing of the past

Cool. So I assume we don't care about OOM (which is a good thing IMO).

>  - There's a GObject based library to access the PolicyKit daemon, see
> 
>    http://people.freedesktop.org/~david/polkit-0.90/docs/
> 
>    with both synchronous and asynchronous functions.
> 
>    Desktop environments etc. that don't use GObject are encouraged to
>    write their own client libraries that fit better into their object
>    framework.

Cool, but you're missing loads of gtk-doc comments, for instance
http://people.freedesktop.org/~david/polkit-0.90/docs/polkit-polkitauthorization.html -- what's polkit_authorization_get_is_negative do?

>  - When checking authorizations, applications can pass a flag to allow
>    user interaction. This should make it much simpler to use PolicyKit;
>    instead of having to go through this painful model here
> 
> http://hal.freedesktop.org/docs/PolicyKit/model-theory-of-operation.html
> 
>    where a lot of work is put on the user of the application to poke
>    the authentication agent, everything can now happen out of band.

Cool, although this affects PackageKit pretty drastically -- do you have
any initial porting guide or notes to put my mind at rest?

>  - The "retain authorizations" check boxes have been removed. A lot
>    of people didn't like them and I admit they didn't add much value.

So if you have an authorisation that can be remembered, it's always
remembered? What if admins want to authorise just once, and not remember
auth?

> Now, a few words about this (pre-)release. Don't put it in any stable
> distros! In particular the code hasn't seen any security audit at all,
> there's still a lot of TODO's left in the code and I'm pretty sure that
> it isn't secure. Also there's very little documentation nor is there any
> guide for how to port applications from PolicyKit 0.9 to the new
> codebase.

Right, without docs and a porting guide, it's not much interest to most
people. Without those, potential early adopters (like me!) are going to
find it very difficult.

Do you want to put this pre-release in distros like rawhide? Is it just
not tested, or still definitely insecure?

> There's no TODO list yet. I'll be posting that tomorrow along with a
> roadmap for getting to PolicyKit 1.0.

Cool, great work.

Richard.



