tech-pkg archive


polkit vs PolicyKit



Hi!

While investigating this entry in pkg-vulnerabilities

policykit-[0-9]*    privilege-escalation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4288

I found out that none of the patches apply, because the CVE is really
for a different thing, namely polkit.

According to https://drfav.wordpress.com/2009/12/22/polkit-and-kde-lets-make-the-point-of-the-situation/,
PolicyKit is now called polkit and has a different API. Now pkgsrc
contains PolicyKit-0.9 but not polkit; wip/polkit has been deleted by
Obache-san, saying "imported to main repository." but I believe he
also confused the two.

So:

1) If no one objects, I am going to change the vulnerabilities entry
to polkit-[0-9]*.
2) Do we want to replace PolicyKit with polkit? What is going to break if we do?


(Although it seems that PolicyKit and polkit can coexist, as the file
names are different.)


--Benny.

