Talk:Polkit

This article is rated Stub-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Software: Computing Low‑importance This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing. Linux Low‑importance This article is within the scope of WikiProject Linux, a collaborative effort to improve the coverage of Linux on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.LinuxWikipedia:WikiProject LinuxTemplate:WikiProject LinuxLinux articles Low This article has been rated as Low-importance on the project's importance scale. Computing: Software / Free and open-source software Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Software. This article is supported by Free and open-source software.

There's a [by whom?] tag on the sentence "Since version 0.105, released in 2015[2] the name of the project was changed[by whom?] from PolicyKit to polkit [..]". This seems completely unnecessary to me. It is obvious that when a project changes its name, the name was changed "by" the project. There's no good way to ascribe a group decision like that to any individual, nor do I see what the point would be of doing so. If there's no arguments against it, I'm going to remove that tag.

Either the name change is not universal or there is a fork. Debian has policykit-1 and no polkit. John Talbut (talk) 14:43, 13 April 2018 (UTC)[reply]

 Debian dosn't ship updates that break backward compatibility. So there is a "grave"-Bug in PolKit that it breaks backward compatibility. As long as there is no solution for this problem like migration scripts debian will likely stay on the old PolicyKit version. IMHO it dosn't hurt. Changes where appreciated mostly by the devs themselves not so much by most users or admins who have to migrate all their scripts and have to learn another not very easy to (securely) master language. --2001:7C0:3006:301D:921B:EFF:FEE0:7EBB (talk) 09:23, 7 August 2020 (UTC)[reply]

This desparately needs expansion with more details, as well as a tie-in to other related articles and how-to links. It is missing a connection to basic authorization and permissions articles. - KitchM (talk) 02:54, 7 March 2010 (UTC)[reply]

"Whoever moron thought that it's "good security" to require the root password for everyday things like this is mentally diseased." https://plus.google.com/+LinusTorvalds/posts/1vyfmNCYpi5 — Preceding unsigned comment added by 144.85.187.234 (talk) 19:34, 9 November 2012 (UTC)[reply]

It's definitely a design intended for easy desktop use by beginner users, and possibly partly inspired from systems like Apple/NetBSD kauth and other MAC (Mandatory Access Control) and java policies, but limited to a higher level scope. Seasoned unix sysadmins and systems programmers may consider this pervasive (like sudo, extensive setuid usage, and to some extent, dbus, RPC with privilege separation, xrandr, etc), to be a type of "controled privilege escalation" or "controled security hole", even if it's poked though some preferences (which might also be security-suboptimal using the distribution-supplied defaults). This is information which could be added, but we also need to find references and properly present this in an objective enough way that does not sound too much like a rant :) 76.10.128.192 (talk) 02:04, 29 March 2013 (UTC)[reply]

This one: [Nov 8, 2021, 24:42]; may be rescued. It has valuable information. Best. AXONOV (talk) ⚑ 08:51, 27 January 2022 (UTC)[reply]

I have removed the citation-needed tags placed by @Alexander Davronov: because the existing citations are literally stating these factors. The qualys.com ref says, "This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009". The zdnet.com ref says, "An unprivileged local user can exploit this vulnerability to get full root privileges. Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way. And, last but not least, it's exploitable even if the polkit daemon itself is not running." Richard J Kinch (talk) 10:03, 29 January 2022 (UTC)[reply]

@Richard J Kinch: No citations given. You are supposed to provide them per every statement I've requested sources for. Put zdnet sources after statements, don't simply remove tags. Regards. AXONOV (talk) ⚑ 10:26, 29 January 2022 (UTC)[reply]

@Alexander Davronov: The identical cite is to be repeated at the end of every sentence in a paragraph? That can't be a proper style. You can draw more than one statement from a single ref. The first sentence gets the ref; the others not. Please refer me to the Manual of Style if I am mistaken. Richard J Kinch (talk) 15:55, 29 January 2022 (UTC)[reply]

@Richard J Kinch: WP:PROVEIT AXONOV (talk) ⚑ 16:20, 29 January 2022 (UTC)[reply]

@Alexander Davronov: I quoted the citations above, precisely the citations which I have inserted inline in the article. Richard J Kinch (talk) 03:40, 31 January 2022 (UTC)[reply]

Citations should be given after a statement, not just before even if it's relevant. AXONOV (talk) ⚑ 08:42, 1 February 2022 (UTC)[reply]

The lead sentence in a paragraph giving the citation once is sufficient. Follow-on sentences in the same paragraph do not need redundant refs that just repeat what a previous sentence gave. Otherwise every sentence in the encyclopedia is going to be cluttered with redundant ref's. You can write one or more paragraphs based on a single citation and ref, with any number follow-on statements that expand on details. Perhaps you're confusing "citations" with "references". The citation-needed tag (WP:FAILV) is for statements lacking citations, which is not at all the case here where every statement is well sourced. Richard J Kinch (talk) 10:43, 2 February 2022 (UTC)[reply]