[Bug 1035207] Re: passwordless install of webapps (based on repo whitelist)
Sebastien Bacher
seb128 at ubuntu.com
Fri Aug 10 08:32:05 UTC 2012
The approch seems fine to me, those don't really have lot of code and
those websites can already be accessed without password from a web
browser anyway, I would still like to get the security team opinion on
the topic though, installing random .js from the web in an easy way is
somewhat a bit scary ;-)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1035207
Title:
passwordless install of webapps (based on repo whitelist)
Status in “aptdaemon” package in Ubuntu:
New
Bug description:
For the unity-webapps work the webapps team would like to install packages that only contain unity-webapps
passwordless for a better user experience. They are regular packages but of a very simple form, essentially
just a javascript file and a icon and no maintainer scripts.
My proposal would be to add a new class of policykit action "org.debian.apt.install-package-whitelisted" that
we can override the permissons via /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla (policykit-desktop-privileges) similar to what we did with "org.debian.apt.upgrade-packages".
The whitelist of the repository would be based on "Origin,Components" and packagename regexp. So something like:
(LP-PPA-app-review-board, main, ^unity-webapps-.*") for the webapps case.
Does that looks like a good approach to you?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1035207/+subscriptions
More information about the foundations-bugs
mailing list