Hello,
the SUSE security team recently decided to turn the rpmlint check
"polkit-untracked-privilege" into an error. Currently this is only an
informational message. If you get messages like these in your package:
gvfs-backends.x86_64: I: polkit-untracked-privilege org.gtk.vfs.file-operations (no:no:auth_admin_keep)
then they will become an error with 10.000 extra badness in the future,
as is the case with other polkit related errors. This affects all
packages in openSUSE:Factory.
The rationale behind that is that even though these polkit rules seem
harmless (only locally logged in users with admin privileges can acquire
the polkit privilege), they can expose security issues. This is because
the correct enforcement of the polkit policy is depending on the
individual package's polkit adaption.
Therefore such packages must go through a review process with the
security team. You can trigger this process by opening a bug against
security-team@suse.de and adding an AUDIT prefix to the bug summary.
For more about this please refer to this wiki page:
https://en.opensuse.org/openSUSE:Package_security_guidelines
We don't expect many packages to be affected by this. If you have any
questions please reach out to us.
Thank you
Matthias
--
Matthias Gerstner