Should I just port Whonix to be using gksu or gksudo?
Or is there yet another, even better alternative? //cc @HulaHoop
[If that is possible (hopefully, probably is)]
(Still need to learn the exact differences between gksu or gksudo and experiment.)
Not mix X with Y alone is a bad argument if it’s only for the sake of “not mix X with Y”. That level of complaints is pushing it. Too theoretic. Little to none (and none mentioned) practical implications. It requires a high technical sophistication to analyze this (look at packages; know which package derives from where) plus on top a special character to complain about it. Too small user group. Hard to impossible to please user group. Sometimes I even wonder if they’d be even use Whonix or just complain for the sake of complaining. In short: these kind of complains “not mit X with Y for the sake of not mixing” shall not be Whonix indented target user group.
Notwithstanding the earlier warning, it is possible to use sudo with graphical apps provided you add the -H flag. This flag is critical: it properly sets root to its own environment instead of improperly inheriting the user’s environment. Use of the -H flag is mandatory. Failing to use this flag may corrupt critical system files and prevent you from logging in.
With sudo -H almost any graphical app can be launched under root within any 'buntu flavour. This includes each flavour’s default graphical editor and file manager.
An appreciable danger with sudo -H is that the -H flag is easy to forget. And all it takes is one omission for the damage to be done.
Omission of the -H flag could be prevented. We could invent our own wrapper and have users use that.
Please note that many websites and old threads advise the use of gksu. However, such search results are obsolete. gksudo has not been updated for years and is not even available in Bionic (18.04) and higher. gksu has been replaced by pkexec, but even pkexec is being deprecated by the mainline Ubuntu developers. They have taken the position that file manipulation and editing under root should be restricted to the command line.
“manipulation and editing under root should be restricted to the command line.” - Very bad usability.
wheter we use pkexec in any source code by Whonix:
As a graphical Linux distribution we need to choose one package which Provides: polkit-1-auth-agent. Full stop.
In other words, one package which serves as virtual package to provide polkit-1-auth-agent. pkexec by itself does not come with a GUI. A GUI is provided by polkit-1-auth-agent. Not having a package installed that serves as a GUI (i.e. providing polkit-1-auth-agent) results in broken start menu entries and other authentication dialogs. (These would fall back to CLI authentication which at that time isn’t visible.)