Security policy oversight needed?
Colin Walters
walters at verbum.org
Thu Nov 19 19:49:20 UTC 2009
On Thu, Nov 19, 2009 at 4:48 PM, Jesse Keating <jkeating at redhat.com> wrote:
> On Thu, 2009-11-19 at 09:14 -0500, Owen Taylor wrote:
>> It doesn't work practically: configuration for packages needs to live
>> with the package. Putting gigantic amounts of configuration into the
>> %post of a kickstart file quickly becomes unmanageable. And the idea
>> that we make configuration changes in the %post of the kickstart really
>> falls part badly once people start upgrading their install to the next
>> version of Fedora.
>>
>
> Which is why you do it with specifically selected policy packages, and
> not trying to write out files in %post. Create a set of policy packages
> that define certain user cases, and pick from those as you construct a
> spin.
This makes sense to me; but there are details to work out.
* Do we have any guidelines on what the policy should be in upstream
source? Corresponding Fedora RPMs?
* Do we have a fedora-default-policykit-policy?
* How do we get this installed on upgrades? Code in preupgrade?
More information about the devel
mailing list