On Thu, Mar 01, 2012 at 04:33:29PM -0500, James Knott wrote:
Jim Henderson wrote:
What I'm saying is that different people have different requirements based on what their use case is for the software. Some people need restrictive policies because they're in higher security environments.
Not to put too fine a point on it, James, but this is complete nonsense. You're assuming that in the "real world" everyone has the exact same requirements for security. That is demonstrably not true.
As I have I said several times, it should be optional, at the dicretion of the admin or employer. However, that does not seem to be possible at the moment and that's what all the fuss is about. The developers decided they knew better than the users about what security is required to the point that it is currently useless in many business environements.
The security team decided on a good standard policy. No other developers were found that worked on a good design that is both usable and secure.
As I mentioned, I would not be able to do my work for that insurance company, if I'd been handed openSUSE 12.1
You can change the settings on your own machine (or your admin can). Currently e.g. like: - edit /etc/polkit-default-privs.local add the lines: org.opensuse.cupspkhelper.mechanism.printer-set-default auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-enable auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-local-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printer-remote-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.class-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.server-settings auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.printeraddremove auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.job-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.job-not-owned-edit auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.devices-get auth_admin_keep:auth_admin_keep:yes org.opensuse.cupspkhelper.mechanism.all-edit auth_admin_keep:auth_admin_keep:yes (the "yes" to the third argument gives the active user full rights to all these calls.) That said ... For printing our thoughts are: - auto detect and autoconfigure local USB printers this works for known printers. - discover IPP network printers by network browsing and configure them automatically If the machines firewall zone is set to "internal" - (samba printers? unclear what to do) Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org