Polkit on Duktape
Shawn Walker-Salas
shawn.walker at oracle.com
Tue Aug 18 11:11:07 PDT 2015
On 08/15/15 10:02 AM, Jasper St. Pierre wrote:
> So, where did we get with this?
>
> * JavaScript rules are (somewhat) a failure, but it's not something
> we can back out of easily, because doing that could break people who
> rely on JS rules, causing a gap where rules aren't being applied. Not
> a good situation to be in. Going back to PKLA rules might also mean
> that someone who can't express complex ACL logic in those rules means
> that they reinvent polkit in their app.
>
> * Even though mozjs isn't getting new stable standalone releases, the
> fact that it's been more "battle-tested" than Duktape means that it's
> still a better pick. Even though it's much slower for our use-case and
> much more complex than it needs to be.
>
> Is that a good summary?
Is it really better than mozjs considering how ancient of a version
polkit builds with currently?
Quite frankly, from a distribution maintainer's perspective, it would be
far preferable to use duktape or something far smaller and more bounded.
polkit's dependency on mozjs is a royal pain, especially for
distributions that build on more "niche" platforms where mozjs is only
recently gaining support for some hardware and operating systems.
As a result, currently, distribution maintainers not only end up
responsible for porting mozjs themselves, but they end up having to port
or patch polkit to work with later versions.
I'd also think from a security perspective that having a much smaller
attack surface would be preferable.
-Shawn
More information about the polkit-devel
mailing list