On Mon, Nov 23, 2009 at 06:10:59PM -0800, Adam Williamson wrote:
> On Mon, 2009-11-23 at 19:38 -0500, Matthias Clasen wrote:
> > How that translates in packages and defaults is not really the most
> > important part, but the plan is to have strict package defaults + a
> > policy package that makes things work.
> > The important part is that we QA the combination, not just the strict
>
> Right. If the Grand Plan is to go down this path, then what I've been
> referring to as 'the security policy' would include the policies defined
> for each spin, and hence any testing QA did for any given spin would
> involve the policy defined for that spin.
>
> Having said that - is everyone agreeing that it's fine for each spin SIG
> to be entirely in charge of defining and implementing security policy
> for each spin? At the very least, that would possibly be problematic
> given the known border issues between 'the desktop spin' and 'Fedora'.
> Just another issue contributing to why we would need to settle that.

I'm very much against that. Fedora, Linux, and Unix-like operating systems
have built a reputation as a more secure alternative to Windows and other
operating systems. We have to have some level of security that comes
enabled on all systems no matter what the spin.
Also, conflating "Fedora" with the "Desktop Spin" is something I'm
uncomfortable with here. A spin meant to highlight what the authors think
is the most convenient experience for a single user desktop system
apparently wants to do things that I am not at all for highlighting as the
default Fedora environment. We need to separate these so that the Desktop
Spin can live its own life without the additional constraints of being