F21 Self Contained Change: Security Policy In The Installer

Eric H. Christensen sparks at fedoraproject.org
Fri Mar 14 19:06:06 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, Mar 14, 2014 at 06:59:18PM +0000, Matthew Garrett wrote:
> On Fri, Mar 14, 2014 at 02:57:33PM -0400, Steve Grubb wrote:
> > On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote:
> > > Having separate server, workstation and cloud products means we can
> > > apply separate defaults without requiring user interaction. Beyond that,
> > > why would an end user want to choose common criteria during an
> > > interactive install? Isn't that something that should be imposed on them
> > > by their local admin?
> > 
> > Yes, and I believe the kick start would do that. I would also even see a case 
> > where an admin takes the base policy and tailors it with site specific settings 
> > and puts that into effect instead of the default one we provide. I like the 
> > idea of choice.
> 
> Exactly, this is functionality that makes sense for enterprise and 
> automated deployments. I don't see it making sense for an interactive 
> install.

You're making an assumption that I wouldn't want my personal box to be hardened at install or that the enterprise has an automated way of doing a deployments.  Why make it harder to use the operating system when a simpler way of configuration has been suggested?

The feature isn't going to be a massive change to the UI and only adds to the awareness that users have a choice on how hardened their system is at install time.  Whether you chose to use it is your business.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJTI1MbAAoJEB/kgVGp2CYvO8oL/06v8nf4qVt9oOrfBJeNdAn1
xK1ptfZVN/4JnWR9W1TYzOdl2S3ZUJS/IqQTHXrdBoD69Me6QkSja1Punm9eirom
oRofZxz1Z8rU/tZHVbKznq3TW8+KUVpcTyI0f6FxXEtWBnh1QlZjm5Kgh8PMAcGv
fRXJ601YKo4JgGJMd9JzQqepU2Xr/CkyIkTGHqTwFVRPq9DnSj8XA8NsnjzSwBmD
EMXpi4dtpTDug+k7K/Tg/QRZ1tY/iCHCTVz3x75dNM4sZ1bV1qihbvXryffKRBhu
qGhQUF0xFd5RpuL1DPkjHJ65v2VCjGsODz0KkqgZ7aH7A57sTyV+RNke+LwvZRrx
H4Z14i5h1HLqD7d80NfmBiYLUtal5yWjs5zvGlLD4SROvKwtB7W1QlrDBFq26c+A
MnmIx5sczRriSnOE+9H3ROQw4DctEW7ksUbPLFAbdrqM1SxRSkvqz/us2+03vbfp
jSRR3cSbFDkt/7tPoh3LgV9MtH4AlG/C6ZMM6n4tRg==
=OvQ7
-----END PGP SIGNATURE-----

More information about the devel mailing list