Security release criterion proposal

Adam Miller maxamillion at fedoraproject.org
Wed May 18 17:18:02 UTC 2011


On Wed, May 18, 2011 at 10:27:07PM +0530, Rahul Sundaram wrote:
> On 05/18/2011 09:58 PM, "Jóhann B. Guðmundsson" wrote:
> > On 05/18/2011 03:57 PM, Adam Williamson wrote:
> >> Feedback please! Thanks:)
> > Given that we ship selinux on by default should this proposal only be
> > applicable to exploits/vulnerability that selinux can't catch and prevent
> > which leaves us with <insert type of exploits here>?
> 
> No.  SELinux (or firewall) is not a first line of defense.  These get
> turned off by some users and we need to be sure we aren't relying on
> them solely.  If there are important security issues, they should be
> fixed before release regardless of whether SELinux would mitigate them
> or not.

I have to disagree on this point, I think SELinux and the firewall are
in fact valid vulnerability mitigation paths and since they are in fact
enabled by default with the release then they should be able to satisfy
the requirements for release criteria. I don't think we as a project can
handle the long list of what users can and can't do once their system is
installed, I personally think that in these release criteria we should focus on
what is and isn't vulnerable from a default installation. If a user
decides to turn off PackageKit, turn off the firewall, disable SELinux,
and not manually pull package updates .... there's not much we can do
for them. (And yes, I am aware this isn't the case you brought up but
I'm simply trying to point out the slippery slope of "what if the user
does X?" that we could get ourselves into that would make it difficult
for us as a community to QA.)

Just my opinion ... questions, comments, and snide remarks welcome as
always :)

-AdamM
