The Fedora policies, e.g. http://pkgs.fedoraproject.org/gitweb/?p=polkit.git;a=blob;f=polkit.spec;h=e365234e34e0534796c725e1e0b5bcb3ce3a96fe;hb=HEAD#l85, should be included in the polkit tarball with a note that these are the suggested policies that downstreams are suggested to use but that they are free to modify anything they want (e.g. change the 'wheel' group name or the defaults).
OK, this commit http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9 is for the 'wheel' part of this change. As noted in NEWS (see http://cgit.freedesktop.org/PolicyKit/commit/?id=8710055f9f3c8a4bd444210b86d7eea5a4a4f840), distributors who insist on being different can patch it out themselves.

For the other part, e.g.

[Wheel Group Permissions]
Identity=unix-group:wheel
Action=org.gnome.settingsdaemon.datetimemechanism.*;org.kde.kcontrol.kcmclock.save;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.hostname1.set-static-hostname
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=yes

that gives extra powers to members in 'wheel', I'm not so sure about. I think the answer here is that the mechanisms should be more lenient and just use ResultActive=yes instead of insisting that authentication is needed even for mundane tasks ... after all, this is for users at the local console (of course, paranoid security-minded distros can lock down as they see fit). So for now I'm just going to nuke that stanza in the Fedora policy and if there are complaints about annoying authentication attempts, I'm just going to punt that to the Mechanisms.

As such, I consider this bug fixed.
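
An added example, not part of the original bug comments and not polkit's own code: a small Python audit that parses a .pkla stanza like the one quoted in the comment above and lists which identity/action pairs are authorized without authentication. The sample text is constructed from the quoted stanza, and the function names (parse_pkla, passwordless_grants, covers) are hypothetical.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: the stanza quoted in the comment above, laid out as a .pkla keyfile.
SAMPLE_PKLA = """\
[Wheel Group Permissions]
Identity=unix-group:wheel
Action=org.gnome.settingsdaemon.datetimemechanism.*;org.kde.kcontrol.kcmclock.save;org.freedesktop.RealtimeKit1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.hostname1.set-static-hostname
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=yes
"""

def parse_pkla(text):
    """Return one dict per stanza with identities, action globs and results."""
    # ';' separates list items in values, so only '#' is treated as a comment prefix.
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep key case (ResultActive, not resultactive)
    cp.read_string(text)
    stanzas = []
    for name in cp.sections():
        sec = cp[name]
        split = lambda key: [v for v in sec.get(key, "").split(";") if v]
        stanzas.append({
            "name": name,
            "identities": split("Identity"),
            "actions": split("Action"),
            "results": {k: sec[k] for k in
                        ("ResultAny", "ResultInactive", "ResultActive") if k in sec},
        })
    return stanzas

def passwordless_grants(stanzas):
    """List (stanza, identity, session kind, action glob) where the result is 'yes'."""
    return [(s["name"], ident, kind, act)
            for s in stanzas
            for kind, res in s["results"].items() if res == "yes"
            for ident in s["identities"]
            for act in s["actions"]]

def covers(stanzas, action_id):
    """Names of stanzas whose Action globs match a concrete action id."""
    return [s["name"] for s in stanzas
            if any(fnmatchcase(action_id, g) for g in s["actions"])]

if __name__ == "__main__":
    for row in passwordless_grants(parse_pkla(SAMPLE_PKLA)):
        print(*row, sep="\t")
```

Run against a distribution's real .pkla files, the output shows at a glance which groups get ResultActive=yes and for which action globs, which is the part a downstream would review before keeping or dropping such a stanza.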