Security policy oversight needed?
Rahul Sundaram
sundaram at fedoraproject.org
Thu Nov 19 11:16:12 UTC 2009
On 11/19/2009 04:45 PM, Richard Hughes wrote:
> So obviously we need some middle ground. I guess if the spins
> "personalise" the package set then they should also personalize the
> security defaults. e.g. a server spin would not include PackageKit at
> all, and default to not letting users change the time. A desktop spin
> would allow the desktop user to do most things without a administrator
> password. The tricky part is deciding a default policy that is
> suitable for all the people using Fedora, which honestly, I think is
> impossible.
Right. The alternative really is defining the roles and the target
audience clearly for distinct set of policies and allowing the user to
trivially select it during or post-installation.
So if I pick "personal desktop", the change you made makes sense. If on
the other hand, I choose "workstation" profile, I would obviously need a
more locked down profile.
Rahul
More information about the devel
mailing list