[Portland] Doubts about xdg-su and xdg-screensaver (Was Re:First xdg-utils beta release)
waldo.bastian at intel.com
Fri Jul 7 10:50:04 EEST 2006
I don't see xdg-su so much as a "system integration" tool as well as a
desktop integrated version of "su -c". We discussed this at the DAM-II
meeting and I had the impression that people still saw a need for xdg-su
style functionality next to a PolicyKit based approach. In that context
I asked Alex Larsson if Fedora or RHEL had any plans to drop su and
there don't seem to be any plans in that direction.
Will PolicyKit be part of RHEL5?
Linux Client Architect - Client Linux Foundation Technology
Channel Platform Solutions Group
Intel Corporation - http://www.intel.com/go/linux
OSDL DTL Tech Board Chairman
>From: David Zeuthen [mailto:david at fubar.dk]
>Sent: Thursday, July 06, 2006 3:45 PM
>To: Dan Kegel
>Cc: Bastian, Waldo; xdg at lists.freedesktop.org;
>portland at lists.freedesktop.org
>Subject: Re: [Portland] Doubts about xdg-su and xdg-screensaver (Was
>Re:First xdg-utils beta release)
>On Thu, 2006-07-06 at 15:38 -0700, Dan Kegel wrote:
>> On 7/6/06, David Zeuthen <david at fubar.dk> wrote:
>> > xdg-su really needs to go. Here are just two reasons
>> > 1. I don't think we should be encouraging ISV's to use insecure
>> > methods to do privileged operations. It's a
>> > that encourages lazy programming.
>> > 2. I'm not sure how this would be implemented on Fedora or RHEL
>> > unless I'm mistaken, the point is to not lock out any OS'es
>> > wants to participate, yes?
>> Once polkit-su is ready, can't xdg-su be a symlink to it?
>> So what's the problem?
>Well, it's a lot more complicated that I previously envisioned in my
>weblog: to do privileged operations in a secure fashion you basically
>need to architect your application to support it. Here's the PolicyKit
>spec, work-in-progress but 90% done
>and I also mentioned it in my GUADEC talk last week
>Hope this clarifies.
More information about the xdg