~ by Dario on 13 April, 2009.
Posted in KDE, Linux, Qt Tags: kde, policykit, polkit, polkit-qt, solid, wicd
Now compiling trunk ;D Will test it
sheytan said this on 13 April, 2009 at 2:16 pm | Reply
k3b is going to depend on policy kit? You have got to be joking. That is sooo said.
tarunil said this on 13 April, 2009 at 4:47 pm | Reply
@tarunil: K3BSetup KCModule is. Outstanding how people want so bad a functionality, and the very moment you implement it, you got complaints on how you did it. Polkit is a freedesktop standard now, so be happy or please come up with another solution.
drfav said this on 13 April, 2009 at 4:57 pm | Reply
Why even bother with policy kit I think is the question. What was so horribly wrong with the old method.
tarunil said this on 13 April, 2009 at 5:16 pm | Reply
Let’s put it in the reverse way: what’s good with the old way that PolicyKit hasn’t?
Diego. said this on 13 April, 2009 at 5:24 pm | Reply
Why don’t you add console kit and selinux while your at it then with that logic.
tarunil said this on 13 April, 2009 at 5:27 pm | Reply
@tarunil: It is insecure. The old approach in KCM was embedding a GUI running as root, with all the nice security implications. Now you run a secure helper that can be started only upon explicit user authorization.
Consolekit: Useful to determine when a Console is active. This way, applications living in a single session can be aware of the fact that their session is the active one or not, avoiding background activities that can disturb other users.
Your logic is wrong. It’s like saying “I can use Gasoline or Hydrogen in my car. Gasoline works, so why should I care”. Got enough facts?
drfav said this on 13 April, 2009 at 5:33 pm | Reply
No I don’t have enough facts. IIRC, with k3b I could launch kdesu to initially let you set things up. That kdesu seems secure enough to me. If other distros was doing it insecurely, that’s their own fault and should know better.
tarunil said this on 13 April, 2009 at 5:44 pm | Reply
Insecure as well. The application will run in any case without knowledge of who called it, this means that if by chance you’re using sudo, and you have the 5 minutes authentication timeout, anyone can launch that application as root. And I was referring to KDE3′s kcm administrator button.
KDE, GNOME, Windows, Mac OS are using these new concepts to improve security, and it works. The bottom line is that with PolicyKit, UAC, Authorization Services or whatever else, you are sure that a logged in user that is in front of the PC (and that’s what ConsoleKit is for) is giving its explicit authorization, cutting down remote exploits. And I still can’t take why you’re so much against a component you wouldn’t even notice. If the auth dialog of PolicyKit popped up without you even knowing what it was, you wouldn’t be even complaining.
Policykit is less than 1 MB in size, and depends on dbus-glib and pam. You get a secure way for applications to perform root privileges without pain. What leads you to say that starting an application with kdesu is safe?
drfav said this on 13 April, 2009 at 6:09 pm | Reply
Um well, you can launch kdesu as many times as you like, but you won’t get anywhere unless you know the root password. Still seems secure to me. Wouldn’t notice? I’d have to configure the crap since I don’t run a binary distro.
At any rate, this seems pointless since your intent on this regardless. Thanks for taking away my choice.
tarunil said this on 13 April, 2009 at 6:16 pm | Reply
If you have the knowledge to run a non binary distro, you should also have the knowledge to configure Polkit, that boils down to setting your user into the administrator group. 1 file, 1 line, not that hard.
You’re welcome, but you would have to thank also GNOME developers, HAL developers, Network Manager developers, etc. I guess it’s not me taking away your choice, more the use of new technologies.
drfav said this on 13 April, 2009 at 6:31 pm | Reply
don’t feed the trolls Anyway, good work, compiling it in jaunty so i can please k3b 2.0 great work will plasma networkmanager use it too in 4.3?
Paulo Dias said this on 13 April, 2009 at 8:17 pm | Reply
I don’t read planetgnome, but a question for anyone that does: does GNOME have the same kind of whiny, belligerent, ungrateful users that always pop up on KDE blogs?
goodgrief said this on 13 April, 2009 at 8:48 pm | Reply
tarunil: Not all users need to have the root password. Period.
Ryan James said this on 13 April, 2009 at 10:50 pm | Reply
@Paulo: Well, some voices said that plasma networkmanager will aim extragear, since it’s pretty much a beast, so it might need its very own times. So you’ll probably need to get the package whenever it will be moved there.
@goodgrief: in the last times, it looks like it’s a KDE-only problem. Except for the fact that 80% of the whiners don’t use KDE *erm*
@Ryan: True as well. Out of topic, PolicyKit behaves like sudo in regards of the user: if you’re marked as an administrator in the polkit config file (just like you can using visudo), you are able to perform root actions.
drfav said this on 13 April, 2009 at 11:35 pm | Reply
Assuming this is still about the old implementation variant no longer recommended by PolicyKit upstream, do you have a timeline for the new implementation of polkit-qt?
Kevin Krammer said this on 14 April, 2009 at 8:55 am | Reply
@Kevin: Actually, this release removes the need for PolkitResult & friends, that’s the reason why it is BIC with 0.9.1 No more deprecated headers are included into polkit-qt’s headers. For 1.0, really depends on polkit guys.
drfav said this on 14 April, 2009 at 11:21 am | Reply
Fill in your details below or click an icon to log in:
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
Connecting to %s
Notify me of follow-up comments via email.
Blog at WordPress.com. Theme: ChaoticSoul by Bryan Veloso.
Get every new post delivered to your Inbox.