Security policy oversight needed?
Tim Waugh
twaugh at redhat.com
Thu Nov 19 10:13:56 UTC 2009
On Wed, 2009-11-18 at 17:58 -0600, Chris Adams wrote:
> Any package (whether new or an update) that adds/changes PolicyKit,
> consolehelper, or PAM configuration, and anything that installs new
> setuid/setgid executables, should require some additional third-party
> review. Any significant changes that passes review should require some
> minimum amount of advance notice and documentation on how to revert
> (preferably in some common easy-to-find place in the wiki).
>
> Is this feasible? Who needs to look at this?
Previously discussed here:
http://www.redhat.com/archives/rhl-devel-list/2009-August/msg00578.html
Tim.
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20091119/ac0c1f06/attachment.bin
More information about the devel
mailing list