Re: Proposed external dep: PolicyKit
- From: Brian Cameron <Brian Cameron Sun COM>
- To: "Jason D. Clinton" <me jasonclinton com>
- Cc: David Zeuthen <david fubar dk>, desktop-devel-list <desktop-devel-list gnome org>
- Subject: Re: Proposed external dep: PolicyKit
- Date: Wed, 07 May 2008 15:37:38 -0500
Jason:
If Sun wants to do something completely different from what the rest of
the community is doing, it seems like the responsibility for bearing the
consequences of that course of action should lay squarely on the
shoulders of Sun's engineering teams.
Understood. I was not really trying to suggest otherwise, I just wanted
to inform people of how decisions relating to PolicyKit will impact Sun.
That said, I would hope that the community would take this into some
consideration when making decisions.
I also was not trying to suggest that Sun would never consider
integrating PolicyKit. Of course, we might at some future point, but
it probably will not be in the near term. At the moment, it does not
seem there is a real need.
As I said in my previous email, there are not really very many GNOME
modules that Sun ships which use PolicyKit. Mainly because Sun seems to
be moving away from using GNOME system tools and will likely move
towards using our in-house developed Java-based "Visual Panels" [1]
instead. There do not seem to be many other GNOME programs that require
special authentications via PolicyKit. So it is not yet clear how
important it will be to support PolicyKit on Solaris.
Since there appears to be a clear way forward for you to write some
layer of compatibility with your different way, I don't understand why
we should hold back on mandatory dependencies.
One difficulty with supporting RBAC via PolicyKit compatibility layer
is that it complicates configuring the system. This is not desirable
especially when relating to security. A compatibility layer requires
that sysadmins need to configure both RBAC and PolicyKit separately
to make the two work together. Also, determining RBAC <-> PolicyKit
mappings has not been very straightforward. With work, we can probably
simplify and resolve these issues, but it is probably overstating things
to describe this as a "clear way forward".
Considering that PolicyKit is just one mechanism to support
authentication management, I guess I do not really understand the
need to make PolicyKit mandatory. Since GNOME is free software, I
would think that if Sun, or anybody, wants to add support for
alternative systems, such as RBAC, that this would, at least, be
considered.
If PolicyKitusage starts creeping into core GNOME modules, then Sun will
need to either modify the code to work without PolicyKit, or perhaps
integrating PolicyKit will become more of a priority. It is too early
to tell, I think.
Brian
[1] http://blogs.sun.com/dep/entry/visual_panels_in_opensolaris_2008
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
