Security policy oversight needed?
Tim Waugh
twaugh at redhat.com
Thu Nov 19 14:22:37 UTC 2009
On Thu, 2009-11-19 at 09:14 -0500, Owen Taylor wrote:
> This idea comes up a lot - that we can make Fedora packages be
> uncontroversial raw material, and then make the hard decisions at the
> spin level. (I'm speaking more generally than this particular issue.)
>
> It doesn't work practically: configuration for packages needs to live
> with the package. Putting gigantic amounts of configuration into the
> %post of a kickstart file quickly becomes unmanageable. And the idea
> that we make configuration changes in the %post of the kickstart really
> falls part badly once people start upgrading their install to the next
> version of Fedora.
For the particular issue of PolicyKit policy there is no reason at all
not to have the entire policy (for the entire system) in one package per
spin. The design of PolicyKit 1.0 makes this really easy.
> It doesn't work statistically: people in general don't get upset about
> decisions made about the desktop because they aren't using a desktop.
> They get upset because they *are* using a desktop and have a different
> vision for that detail.
This is one of the reasons I think policies each need to be handled
centrally, each with a specific documented goal.
> It doesn't work out conceptually: you can't escape having to make
> decisions. If the only vision we have is how the Desktop spin works,
> then what policy goes into the package?
The packages should ship with a "multi-user server"-type policy, i.e. a
restrictive one -- this could even be set out in the packaging
guidelines if need be.
> Practically speaking it will be
> the configuration that was designed for the desktop spin, with various
> random changes and missing pieces where people yelled a lot on
> fedora-devel-list. That's not a coherent operating system. (And it's a
> bad basis for spins other than the Desktop spin.)
Each of the policy packages should override all of the available policy,
IMHO.
Tim.
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20091119/b3ef6bd6/attachment.bin
More information about the devel
mailing list