Security testing: need for a security policy, and a security-critical package process

Bill Nottingham notting at redhat.com
Tue Nov 24 20:34:35 UTC 2009


Chris Ball (cjb at laptop.org) said: 
>    >> If some spin decided to make every user run as root, ship
>    >> with no firewalling, have password-less accounts, or have
>    >> insecure services enabled by default, etc.
> 
>    > You mean Sugar as configured on the XO? (It has a passwordless
>    > user, who can su without a password.)
> 
> It's true, but note that the XO software is technically a "Remix"
> rather than a "Spin", so there aren't any technical requirements
> on it to satisfy the use of the Fedora mark.  (I think I'd agree
> with Greg's point regarding official Fedora spins.)

But if it was such a concern with respect to the Fedora brand and
image, I would think the same argument would apply, even if it
was just branded as a 'Fedora remix'. 

Bill



