[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

New release goal: using su-to-root instead of *su in desktop/menu files

Hello all,

I'm looking forward accepting a new release goal for Lenny:
using su-to-root instead of gksu/kdesu/etc in desktop/menu files.

Quoting Daniel Baumann from #453931 (reasons why su-to-root should be used):
> 0. Desktop Integration
> It doesn't make sense that e.g. a KDE application calls (hardcoded)
> kdesu when beeing used on a Gnome environment. It should use su-to-root,
> which will automatically call either gksu (default) or kdesu (when
> beeing launched under KDE) for better integration into the running
> desktop environment.
> 1. Live Integration
> On Debian Live systems, we can not use su, but sudo (avoid setting a
> root password for security and usability reasons). If all desktop
> entries and menu files would use su-to-root, we can overwrite the
> default usage of su on one central place (/etc/su-to-rootrc resp.
>  ~/.su-to-rootrc) and be done with it.
> Currently, an application on a live system which requires root rights
> but calls kdesu or gsku instead of su-to-root uses therefore su, which
> won't work, and thus, the user ends up with a non-working application.

Lintian starting with version 1.23.42 has a new tag 
called 'su-wrapper-not-su-to-root' which warns on those situations.
Based on an archive wide lintian run on the amd64-only binary packages, the 
next packages have been found using a non su-to-root su wrapper:

gksu (this one should be excluded)

There are a number of packages which are not listed here because of a bug in 
lintian (see #462601) but the average number of packages doesn't seem to be 
any big.

Before the lintian check was introduced I filled some bug reports on affected 
packages which I found on my system, an examples is #454044.

Currently I've been tagging those reports with my usertag 'su-to-root'[1] and 
with a severity: wishlist.

If this release goal is accepted I'd increase the severity of the reports and 
fill some more based on the lintian check.


Kind regards,
Raphael Geissert

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: