I'm sorry, now I really don't understand. If these libraries shipped with your distro, you asked for them. If they were dependencies of a package you installed, you asked for them. It's bizarre to me that there are hundreds of Linux distros with every combination of packages you could possibly ask for and I still see this complaints. It's very likely you didn't see a prompt because your distro configured it to not require a password. If you want to configure it to require a password, the system lets you do that. This is just another choice you have.
No, I didn't ask for a fucking GUI sudo with xml and javascript and local privilege escalation to root. I asked my computer to do something as basic as play sound, something that worked for decades without GUI sudo. Developers said they want to use pulseaudio for that. Whatever, if it finally plays audio without breaking every week. I don't have time to vet every package in every distro, and I didn't know it depends on a GUI sudo.
> If these libraries shipped with your distro, you asked for them.
If a bomb ships with a package you ordered, you asked for it.
Or maybe not? Maybe I didn't ask for it but a bunch of devs decided that (quoting you) "the users all want" it and I wasn't there to keep tabs on them.
And now that I know better, yes, I am looking for alternative distros because the ones I've been using include too many things I didn't ask for.
>I asked my computer to do something as basic as play sound, something that worked for decades without GUI sudo
Sure, security also was not great for decades. I know what you mean you don't have time to vet packages, very few people have time to do that, that's usually why you'd trust a vendor to do it for you and not keep second guessing their decisions because they published and fixed a CVE.
>I am looking for alternative distros because the ones I've been using include too many things I didn't ask for.
That's great, I wish you luck. Just keep in mind, eventually if you find you want to put a security prompt on something for whatever reason (maybe you find yourself shipping something to a less technically inclined user), I expect you will circle back around to the same solutions. They're there for you to use them. At that point it becomes whether the frustration with XML and Javascript is worth rewriting it with a different configuration format and scripting language. Maybe you also want to take these tools written in C and rewrite it in Go or Rust or something, I don't know. I would not say it's worth it unless you have some really extreme requirements. This doesn't to have the most expressive DSL you can think of it, it just needs to encode some simple logic in a well-understood way.
> that's usually why you'd trust a vendor to do it for you and not keep second guessing their decisions because they published and fixed a CVE.
Yes, I'm inevitably putting some trust in vendors. Unfortunately I'm having a hard time finding vendors (especially Linux vendors) that I can trust to make decisions that I find sensible and more or less in line with my intended usage of the system.
I have some experience with OpenBSD (after using it for more than a decade on a server and a few years on a laptop), and I can say with reasonable confidence that they would have never allowed polkit to be a part of their system in the first place. Similar to how they eventually said no to kerberos and just purged it. Similar to how they've refused things like PAM. Similar to how audio kept working fine with sndio (a very simple library & daemon) while I constantly had to battle the overcomplicated audio subsystem and ever-churning daemons on Linux..
That's the kind of Linux vendor I would like: a vendor who's trying to build something simple, and not something that tries to be maximally flexible and "everything for everyone". A vendor who can make decisions and if needed, build their own thing that suits their goals instead of shipping the same things every other distro ships.
There certainly are hundreds of distros as you say, but most of them offer little more than a different coat of paint, and ship the same third-party packages with more or less the same dependencies as you would have on any other Linux distro. After you've installed the few things you need, it doesn't matter much whether the banner says Arch, Fedora, Ubuntu, or whatever (in fact I run all three right now).
