Announcement

Collapse
No announcement yet.

Am I the only one that thinks policykit is retarded?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    The reality is that I'm an advanced power user far more capable than most other people.... Policykit is the -mechanism- that makes this situation possible. You can blame distributors all you want, but the bottom line fact is that polkit is the underlying cause. If Gentoo or any other distribution must be responsible for ensuring polkits blatent insecurities are avoided, then it -will- be in their best interest to fork it and finally establish a sane default configuration.

    EDIT: Whether you like it or not, it most definitely is not any distributions fault that policykit implements literally insane defaults. No distributor can fix that except by forking the damn thing.

    EDIT: What you just implied is that -ALL- people should have to know how to configure polkit. That is insane to think. The default config is a good choice for literally -zero- people. I'd be willing to bet money most Linux users never touch policykit and unwittingly leave the defaults in place. Sane defaults are critical for almost all people.
    Last edited by duby229; 02 May 2019, 10:51 AM.

    Comment


    • #12
      Originally posted by duby229 View Post
      The reality is that I'm an advanced power user far more capable than most other people.... Policykit is the -mechanism- that makes this situation possible. You can blame distributors all you want, but the bottom line fact is that polkit is the underlying cause. If Gentoo or any other distribution must be responsible for ensuring polkits blatent insecurities are avoided, then it -will- be in their best interest to fork it and finally establish a sane default configuration,
      Exactly what default configuration do you think comes from policykit project.



      The answer is no configuration comes from the policykit core project. Instead everything you have configured how policykit behaves is left to distributions and application providers.

      Originally posted by duby229 View Post
      EDIT: Whether you like it or not, it most definitely is not any distributions fault that policykit implements literally insane defaults. No distributor can fix that except by forking the damn thing.
      The default provided by policykit project is self is nothing. Absolutely nothing. How policykit is reacting is purely applications and distributions configurations.

      Policykit project only provides a mechanism. Zero configuration.




      Comment


      • #13
        Originally posted by oiaohm View Post
        Exactly what default configuration do you think comes from policykit project.

        https://packages.debian.org/buster/a...kit-1/filelist

        The answer is no configuration comes from the policykit core project. Instead everything you have configured how policykit behaves is left to distributions and application providers.



        The default provided by policykit project is self is nothing. Absolutely nothing. How policykit is reacting is purely applications and distributions configurations.

        Policykit project only provides a mechanism. Zero configuration.



        And that's exactly what's most retarded about it... It's a mechanism to implement system policies, and yet the people that develop it have no system in place to ensure sane defaults. It has no way to guarantee the end user -can- make a sane configuration or whether that configuration has ever even been tested. And yet they leave it to the end users to set up... So retarded... And in the case of Gentoo which has a policy itself to not set policies, it's even worse....

        EDIT: And not only that, but I don't think -anybody- would try to make the claim that policykit is simple, it's -far- too overly complex to leave it in the hands of end users to configure... Very, very few end users have the knowledge and skill to set it up in a sane configuration. Leaving it to end users is stupid.
        Last edited by duby229; 06 May 2019, 12:28 PM.

        Comment


        • #14
          Originally posted by duby229 View Post
          And that's exactly what's most retarded about it... It's a mechanism to implement system policies, and yet the people that develop it have no system in place to ensure sane defaults. It has no way to guarantee the end user -can- make a sane configuration or whether that configuration has ever even been tested. And yet they leave it to the end users to set up... So retarded... And in the case of Gentoo which has a policy itself to not set policies, it's even worse....

          You have overlooked something. Those who write policykit/polkit include the stuff you need for a GUI.

          Some distributions do provide this GUI for altering polkit configuration.

          Originally posted by duby229 View Post
          EDIT: And not only that, but I don't think -anybody- would try to make the claim that policykit is simple, it's -far- too overly complex to leave it in the hands of end users to configure... Very, very few end users have the knowledge and skill to set it up in a sane configuration. Leaving it to end users is stupid.
          Remember design of distribution security policy is between application developers and distributions. Also remember distributions do at times provide their own configuration tools. Yes some distributions are way simpler for users to configure polkit as the new name.

          There is only so far making a framework you should go. After that its then down to distributions and applications like kde and gnome to take over for a integrated experience.

          Comment


          • #15
            Originally posted by debianxfce View Post
            I do not want to be as stupid as Synaptic maintainers. Using pkexec is too complex and xml files requires maintenance. KISS. Fixing the problem in the kernel is the right solution. a cxd2841er patch is needed instead of your policykit hype.
            Really there is a solution in the kernel that is a workaround as well without patching the driver. It called selinux roles. To be truthful policykit is the KISS solution compared to that nightmare beast selinux roles.

            debianxfce the reality is we don't always have the option of perfection. If the driver cannot be fixed and you have to work around for issue policykit or selinux roles could make it smooth for end users.

            Really you are stupid debianxfce you have proven this to me. Policykit does work so it not hype. XML was chosen for policykit configuration at the time to make GUI tools more possible. Bad point we have not seen people interested in working on Polkit GUI as in most businesses when they configure Polkit stuff they are not after end users re-configuring it.

            By the way debianxfce are stupid you are using gksu.


            gksu is end of life. Never going to be updated to GTK3. No longer receiving any security updates. Recommend replacement to all usages of gksu is nothing other than pkexec that you are refusing to use.

            I was give you totally correct advice how you should change your script because you are using something that is technically unmaintainable because there is no maintainer being gksu.

            When I say I don't get why you are using something. I normally write that because its insecure and obsolete.

            Comment


            • #16
              Originally posted by debianxfce View Post
              It is sad that gksu is dropped in Debian buster. My distribution uses the stretch repository where it it is. Easy to use has a higher priority than security. Use your time time something better than insulting forum users and writing long essays. You are not feeling good.
              https://salsa.debian.org/gnome-team/.../debian/master You know how you been insulting IBM for gnome stuff. Quite a number of Gnome developers are Debian developers and have no direct link to redhat.

              Also read that commit log. gksu was 7 years ago moved to Attic as in being deprecated at this point pkexec. Gksu remove from menus in debian 3 years ago because it was going to be removed. A year ago gksu did it final release no longer to be a maintained debian package. gksu is likely to disappear stretch it will not be covered by the LTS version of stretch. The disappearance of gksu has already happen in LTS Jessie.

              Basically gksu was not just dropped from buster gksu was marked to be dropped well before the stretch was released. So using gksu for 7 years now for anything new has been security stupid because it was deprecated and it was only a matter of time until debian cleaned up their packaged applications no longer to require gksu then dropped it..
              Last edited by oiaohm; 08 May 2019, 09:09 PM.

              Comment


              • #17
                Originally posted by debianxfce View Post
                They used the quite of number gnome developers argument when Debian was planning to use Xfce as default desktop. A well designed, implemented, stable and ready desktop like the Xfce desktop does not need many developers. Poorly designed, implemented, buggy and never ready desktops like gnome3 and kde need many developers. IBM is the largest gnome3 and other poor software contributor. Debian gnome developers and other IBM believers prevents Linux desktop success.
                IBM/Redhat developers on the history of Gnome never crossed 15 percent of the people working on it. So never enough to veto anyone on anything. Redhat forked gnome quite a few times because they got out voted the most recent was only 3 years. Of course this is before getting taken over by IBM. Here the horrible thing every time Redhat forked because they did not get their way with gnome inside 6 months have end up dropping that idea and following gnome main path.

                GTK that Xfce depends on in fact is made by the Gnome project. XFCE would not exist without large numbers of the Gnome developers taking care of the toolkit and many lower down things Xfce needs to function because they need them for gnome 3.

                The reality here is the gnome developers are doing the R&D and XFCE attempts to take out the stable products of the Gnome R&D. XFCE really does not do any GUI R&D.

                Lets please remember as a xfce user you do need the Gnome developers to keep on doing what they are doing because if they stop XFCE is stuffed.

                If you want to look at a small windows manager that is standing on it own two feet you need to look at enlightenment that is about as small as team as you can go that is self supporting. Please note enlightenment already has Wayland support. Yes the self supporting ones have all started wayland support as part of main project or as a competing fork.

                Xfce is tail of hunt on Wayland support because they have to wait for the Gnome developers to get it sorted out.

                Originally posted by debianxfce View Post
                There are many useful packages that have been dropped in buster and can be found from older version of Debian. Nothing prevents to use them if they work with Debian Sid. For example, you can find packages for Debian Buzz, released in1996. http://archive.debian.org/debian/dists/
                Yes you can find old packages and use them. But using old not maintained packages is not a good security choice. gksu over the years have had a few different exploits turn up now that is not maintained any new exploits will never be fixed.

                Nothing prevents you from using unsupported packages is true. Just like nothing legally prevents you point a pistol at head with 1 bullet and playing russia rollette. Basically just because you can do it does not mean its not a stupid choice.

                Comment


                • #18
                  Originally posted by debianxfce View Post
                  Here are cheap unlimited 4G mobile connections and the WAN IP changes. Nobody attacks to your 4G router. 4G makes you happy, so move to India, there are cheap unlimited 4G mobile connections too and the sun is shining.

                  I am waiting to see a virus or attack in my system.
                  So lets make a security by obscurity arguement. This arguement you just made is exactly the same as saying closed source program is secure because you trust the vendor. Could you please attempt to make a smart arguement.

                  Comment


                  • #19
                    Originally posted by debianxfce View Post
                    As you wish and note to use the text correction tool in your browser:

                    I do and its not a incorrect spelling. Usa dictionaries class it as Obsolete form of argument. Its still in the Australian english dictionary as a valid word. Welcome to the word of stupid by the Official Australian English dictionary argument is incorrect spelling of arguement.

                    Sorry you were being a smart ass and you just got that wrong. I am Australian and I spelt the word how an Australian should.

                    Comment


                    • #20
                      Originally posted by debianxfce View Post
                      A Russian you are.
                      Don't know where you get that idea. Thinking I have been to Australian LCA and are known to quite a few different people in person. You have never meet me in person.

                      Russian normally would be using USA or UK spelling. If you have been watching my posts you will see a long history of Australian spelling oddities.

                      Comment

                      Working...
                      X