F21 Self Contained Change: Security Policy In The Installer
Eric H. Christensen
sparks at fedoraproject.org
Fri Mar 14 19:06:06 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, Mar 14, 2014 at 06:59:18PM +0000, Matthew Garrett wrote:
> On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Grubb wrote:
> > On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote:
> > > Having separate server, workstation and cloud products means we can
> > > apply separate defaults without requiring user interaction. Beyond that,
> > > why would an end user want to choose common criteria during an
> > > interactive install? Isn't that something that should be imposed on them
> > > by their local admin?
> >
> > Yes, and I believe the kick start would do that. I would also even see a case
> > where an admin takes the base policy and tailors it with site specific settings
> > and puts that into effect instead of the default one we provide. I like the
> > idea of choice.
>
> Exactly, this is functionality that makes sense for enterprise and
> automated deployments. I don't see it making sense for an interactive
> install.
You're making an assumption that I wouldn't want my personal box to be hardened at install or that the enterprise has an automated way of doing a deployments. Why make it harder to use the operating system when a simpler way of configuration has been suggested?
The feature isn't going to be a massive change to the UI and only adds to the awareness that users have a choice on how hardened their system is at install time. Whether you chose to use it is your business.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTI1MbAAoJEB/kgVGp2CYvO8oL/06v8nf4qVt9oOrfBJeNdAn1
xK1ptfZVN/4JnWR9W1TYzOdl2S3ZUJS/IqQTHXrdBoD69Me6QkSja1Punm9eirom
oRofZxz1Z8rU/tZHVbKznq3TW8+KUVpcTyI0f6FxXEtWBnh1QlZjm5Kgh8PMAcGv
fRXJ601YKo4JgGJMd9JzQqepU2Xr/CkyIkTGHqTwFVRPq9DnSj8XA8NsnjzSwBmD
EMXpi4dtpTDug+k7K/Tg/QRZ1tY/iCHCTVz3x75dNM4sZ1bV1qihbvXryffKRBhu
qGhQUF0xFd5RpuL1DPkjHJ65v2VCjGsODz0KkqgZ7aH7A57sTyV+RNke+LwvZRrx
H4Z14i5h1HLqD7d80NfmBiYLUtal5yWjs5zvGlLD4SROvKwtB7W1QlrDBFq26c+A
MnmIx5sczRriSnOE+9H3ROQw4DctEW7ksUbPLFAbdrqM1SxRSkvqz/us2+03vbfp
jSRR3cSbFDkt/7tPoh3LgV9MtH4AlG/C6ZMM6n4tRg==
=OvQ7
-----END PGP SIGNATURE-----
More information about the devel
mailing list