[Pkg-libvirt-maintainers] Bug#768376: Bug#768376: libvirt-daemon-system: Please downgrade policykit-1 dependency to recommends
Guido Günther
agx at sigxcpu.org
Fri Nov 7 07:46:42 UTC 2014
On Fri, Nov 07, 2014 at 01:21:04AM +0300, Reco wrote:
> Package: libvirt-daemon-system
> Version: 1.2.9-3~bpo70+1
> Severity: minor
>
> Dear Maintainer,
>
> A recent upload of backported libvirt packages introduced policykit-1
> hard dependency on libvirt-daemon-system package.
>
> Such dependency is unnecessary strict, as 'polkit' authentication type
> (according to the /etc/libvirt/libvirtd.conf) is not the only
> authentication libvirtd can use (it's trivial to modify libvirtd.conf to
> remove the need of polkit), although libvirtd uses 'polkit' as the
> default authentication type.
>
> Regardless of how suitable such dependency is for jessie, please
> consider downgrading policykit-1 dependency to recommends for
> wheezy-backports at least.
Having polkit installed and doing nothing (for people switching to
socke based permission checks) is IMHO a better service to our users
than having all the bugs for people installing without recommends (and
there are many of those). Disabling polkit requires a bit of detailed
knowledge to not introduce security holes e.g. via the socket
activation file.
I'll leave this open to hear about other opinions but I don't see any
drawbacks on depending on polkit by default.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list