[Portland] Doubts about xdg-su and xdg-screensaver (Was Re: First xdg-utils beta release)

David Zeuthen david at fubar.dk
Fri Jul 7 01:45:04 EEST 2006

On Thu, 2006-07-06 at 15:38 -0700, Dan Kegel wrote:
> On 7/6/06, David Zeuthen <david at fubar.dk> wrote:
> > xdg-su really needs to go. Here are just two reasons
> >
> >  1. I don't think we should be encouraging ISV's to use insecure
> >     methods to do privileged operations. It's a get-out-of-jail-card
> >     that encourages lazy programming.
> >
> >  2. I'm not sure how this would be implemented on Fedora or RHEL and,
> >     unless I'm mistaken, the point is to not lock out any OS'es that
> >     wants to participate, yes?
> Once polkit-su is ready, can't xdg-su be a symlink to it?
> So what's the problem?

Well, it's a lot more complicated that I previously envisioned in my
weblog: to do privileged operations in a secure fashion you basically
need to architect your application to support it. Here's the PolicyKit
spec, work-in-progress but 90% done


and I also mentioned it in my GUADEC talk last week


Hope this clarifies.


More information about the xdg mailing list