On 04/01/2014 12:15 PM, Simo Sorce wrote:
> On the meeting today we briefly discussed how to address defaults
> that may be appropriate for a server and may differ from other
> Fedora products, how to find them, how to change them in the
> product.
>
> I am personally more looking to determine a process, when we find
> out something may need to change. How do we analyze the issue,
> what guidelines will drive our decision and finally how,
> technically, changes are made that affect just the server product.

Working backwards from the end here. I don't think that security
defaults are anything but a special case of products wanting different
configuration defaults. I think that conversation has been held ad
nauseam on the fedora-devel list[1] at this point. As far as the
technical changes to address this are concerned, I think it should
follow whatever policy we adopt there.

As for how we process the need, I think the process can probably be
very simple (and similar to the Change process):

1) Open a discussion on the fedora-server mailing list.
2) After a week, it gets added to the Server WG meeting agenda and is
voted on (or deferred for additional discussion on the list).

As far as guidelines to drive us, I really can think of only two:

1) Default to deny in the absence of explicit permission grant.
2) See rule one.

> I'd like ideas and discussion around this topic so we can determine
> if it is important, and how to deal with this 'stuff'.

[1] https://lists.fedoraproject.org/pipermail/devel/2014-March/196546.html