On Thu, 2009-11-19 at 07:52 +0530, Rahul Sundaram wrote: > On 11/19/2009 07:50 AM, Mike McGrath wrote: > > On Wed, 18 Nov 2009, Jeff Garzik wrote: > > >> 1) We should recognize this new policy departs from decades of Unix and > >> Linux > >> sysadmin experience. > >> > >> 2) F12 policy should be reverted to F11, ASAP. Possibly with a CVE. > >> > >> 3) Due to #1, F13+ should not deviate from the decades-old default. > >> > >> 4) Release notes should explain new [and after step #2, optional] policy in > >> detail, including how to turn it off again. Seth's laudable write-up > >> efforts > >> should not have been necessary -- that info should be prepared. > >> > >> 5) The people who want this new security policy should add an opt-in > >> checkbox > >> in Anaconda or firstboot. > > > > > > Does anyone disagree with anything in 1-5? It all sounds reasonable to > > me? > > Release notes are being updated as we speak. I think, the "role" of a > system, be it a personal desktop, workstation, server or something else > can change post-installation as well. I don't think a simple checkbox in > Anaconda is going to be useful enough. We need a tool to switch policies > easily so that we can tweak the policies across a wide range of tools > with things like PolicyKit and each of these policies can be written > with particular audiences in mind. > > Rahul >
I agree with 1-4 and Rahul. --Eric
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
