Draft privilege escalation policy for comments

Adam Williamson awilliam at redhat.com
Fri Jan 29 22:27:13 UTC 2010


Hi, everyone. Since the big PackageKit brouhaha surrounding Fedora 12,
there's been a discussion surrounding the need for a policy about
privilege escalation in Fedora. Representing the QA group, we would like
for there to be such a policy in order to allow a meaningful review of
privilege escalation issues as part of QA's testing of Fedora releases.

I took this concern to FESco, who basically said they would be willing
to consider any policy that's brought to them, but won't initiate the
creation of one. I have asked the security list (which seems mostly
dormant), some security folks individually, and it's been discussed on
this list, but none of those seem to have been interested in actually
creating a policy. So in the end, QA decided we would propose a draft.
We realize this is entirely out of our area of expertise, but there
appeared to be no alternative. So, here's a draft policy for review.
This has been through three rounds of drafts within the QA group, and
includes content based on very useful feedback from members of Red Hat's
security team, particularly Miloslav Trmac. Thanks to him and to all
others who contributed to the QA group discussion.

Please do provide any and all feedback on the proposed policy. If we can
get it into a shape which most people on the list would find acceptable,
my next step will be to take it back to FESco for them to review.
Thanks.

You can find the draft policy at
https://fedoraproject.org/wiki/User:Adamwill/Draft_Fedora_privilege_escalation_policy
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


