Local users get to play root?
Jeff Garzik
jgarzik at pobox.com
Thu Nov 19 07:14:32 UTC 2009
On 11/18/2009 11:27 PM, Adam Williamson wrote:
> On Wed, 2009-11-18 at 20:20 -0600, Mike McGrath wrote:
>
>>> 5) The people who want this new security policy should add an opt-in checkbox
>>> in Anaconda or firstboot.
>
>> Does anyone disagree with anything in 1-5? It all sounds reasonable to
>> me?
>
> I disagree with 5, that's not a sensible or sustainable way to deal with
> this kind of thing. At least not without some kind of coherent process.
> Just throwing in single-issue checkboxes ad hoc is not the way to do
> this - should we have fifty checkboxes for everything you can configure
> users to be able to do or not able to do? If we're going to go down that
> route, it needs to be a properly planned utility, something like
> Mandriva's msec. Only, uh, probably better.
Your and Rahul's points are definitely well taken. Certainly quite a
few know quite a bit more than I do, about where to put this "policy knob."
IMO #2 is the only urgent priority -- if this decision will be reverted
(it should!), it should happen very soon, so that users can capture this
in updates as soon after install as possible.
Jeff
More information about the devel
mailing list