On Mon, 2009-11-23 at 18:16 -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson <awilliam(a)redhat.com> said:
> > It's not QA's role to define exactly what the security policy should
> > look like or what it should cover, but from the point of view of
> > testing, what we really need are concrete requirements. The policy does
> > not have to be immediately comprehensive - try and cover every possible
> > security-related issue - to be valuable. Something as simple as spot's
> > proposed list of things an unprivileged user must not be able to do -
> > http://spot.livejournal.com/312216.html - would serve a valuable purpose
> > here.
>
> IMHO that's a backwards way of approaching security. You will never be
> able to define everything somebody should _not_ be able to do. You
> should always take the approach of defining what somebody _should_ be
> able to do.

But think from a QA perspective. However the policy is phrased, we have
to test the negatives. If we just tested that all the 'could' things on
the list were OK, we would happily approve a release that gave everyone
root privileges. After all, everyone would be able to do all the things
they were supposed to do. It'd be a 100% pass. =)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net