Don't give *Setting objects full access to the greeter object
tailsgreeter/gui.py AdminSetting.apply(): the action at a distance on next line is scary; better return the admin password (or False if the check fails), and let the caller modify its own state… or do some slightly less scary action at a distance? Same comment wrt. the disable method, and more generally it feels wrong that each *Setting objects gets a greeter attribute they can mess with as they want.
The ultimate goal should be to have all controller logic in
GreeterApplication, which could be moved to