On Fri, Nov 07, 2014 at 01:21:04AM +0300, Reco wrote: > Package: libvirt-daemon-system > Version: 1.2.9-3~bpo70+1 > Severity: minor > > Dear Maintainer, > > A recent upload of backported libvirt packages introduced policykit-1 > hard dependency on libvirt-daemon-system package. > > Such dependency is unnecessary strict, as 'polkit' authentication type > (according to the /etc/libvirt/libvirtd.conf) is not the only > authentication libvirtd can use (it's trivial to modify libvirtd.conf to > remove the need of polkit), although libvirtd uses 'polkit' as the > default authentication type. > > Regardless of how suitable such dependency is for jessie, please > consider downgrading policykit-1 dependency to recommends for > wheezy-backports at least.
Having polkit installed and doing nothing (for people switching to socke based permission checks) is IMHO a better service to our users than having all the bugs for people installing without recommends (and there are many of those). Disabling polkit requires a bit of detailed knowledge to not introduce security holes e.g. via the socket activation file. I'll leave this open to hear about other opinions but I don't see any drawbacks on depending on polkit by default. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
