
Re: SV: MATE 1.8 has now fully arrived in Debian



On Wed, 2014-06-25 at 17:38 +0100, Simon McVittie wrote:
> On 25/06/14 15:43, Svante Signell wrote:
> > Regarding mate desktop policykit-1 build-depends on libsystemd-login-dev
> > only for linux-any. What functionality is missing for other
> > architectures?
> 
> The interesting dependency chain is:
> 
> policykit-1 Depends libpam-systemd [linux-any] (degraded functionality
>                                                 on !linux)
> libpam-systemd Depends systemd (i.e. systemd binaries are installed)
> libpam-systemd Depends systemd-sysv (i.e. systemd is pid 1)
>                     or systemd-shim (i.e. systemd-logind runs, but
>                                           systemd is probably not pid 1)

So the dependencies track down to PID1 issues: systemd-sysv | systemd-shim

<text removed>
> Upstream developers in various projects increasingly oppose group-based
> access, because membership of many "desktop stuff" groups essentially
> means "can ssh in and do bad things to a local user". For instance,
> putting desktop users in group 'audio' or 'video' is no longer a
> requirement for access to sound cards on systems with systemd-logind (it
> hands out access using temporary ACLs instead) - which is just as well,
> because putting those users in a group with permanent rw access to the
> sound device or webcam would essentially mean they can ssh in while
> someone else is using a computer, and spy on what is said near it.
> 

Couldn't this problem be solved by denying remote users desktop login,
only by tty, and the only way to get to the desktop is with startx?
(Maybe not so liked for a modern box??)

This is one of the best descriptions I've seen in a long time, Thanks
Simon, no bashing, just facts :)
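
An added example, not part of the original message or of any project's code, illustrating the distinction quoted above between permanent group access and per-user ACL entries on a sound device. It parses constructed `/etc/group` and `getfacl` text; the sample data, user names and function names are assumptions.

```python
# Constructed sample data; user names are made up for illustration.
SAMPLE_GROUP = """\
audio:x:29:bob,pulse
video:x:44:bob
users:x:100:alice,bob
"""
SAMPLE_GETFACL = """\
# file: dev/snd/pcmC0D0p
# owner: root
# group: audio
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::---
"""

def group_members(group_text):
    """Map group name -> member list from group(5)-format text.
    Accounts whose *primary* group matches live in passwd and are not seen here."""
    members = {}
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            members[fields[0]] = [m for m in fields[3].split(",") if m]
    return members

def parse_getfacl(acl_text):
    """Return (owning group, owning-group perms, named users holding r or w).
    Simplification: the mask entry is not applied to the result."""
    owner_group, group_perms, users = None, "---", []
    for line in acl_text.splitlines():
        line = line.strip()
        if line.startswith("# group:"):
            owner_group = line.split(":", 1)[1].strip()
        elif line.startswith("group::"):
            group_perms = line.split(":")[2][:3]
        elif line.startswith("user:"):
            parts = line.split(":")
            if len(parts) >= 3 and parts[1] and set(parts[2][:3]) & {"r", "w"}:
                users.append(parts[1])
    return owner_group, group_perms, users

def audit(group_text, acl_text):
    """Separate accounts with standing group access from per-user ACL grants."""
    owner_group, group_perms, acl_users = parse_getfacl(acl_text)
    permanent = []
    if set(group_perms) & {"r", "w"}:
        permanent = group_members(group_text).get(owner_group, [])
    return {"permanent": sorted(permanent), "acl": sorted(acl_users)}
```

Accounts under `permanent` keep device access in every session, including a remote one; those under `acl` hold only the named-user entry present on the device node at the time `getfacl` was run.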


