F21 Self Contained Change: Security Policy In The Installer
Matthew Garrett
mjg59 at srcf.ucam.org
Fri Mar 14 19:38:10 UTC 2014
On Fri, Mar 14, 2014 at 03:06:06PM -0400, Eric H. Christensen wrote:
> You're making an assumption that I wouldn't want my personal box to be
> hardened at install or that the enterprise has an automated way of
> doing a deployments. Why make it harder to use the operating system
> when a simpler way of configuration has been suggested?
I'm making the assumption that you, as someone with sufficient knowledge
of the field to make an informed choice, are capable of performing
additional steps in order to ensure that your system meets additional
security criteria.
> The feature isn't going to be a massive change to the UI and only adds
> to the awareness that users have a choice on how hardened their system
> is at install time. Whether you chose to use it is your business.
It's not going to be a massive change? It's an entire additional spoke
in the UI. That *is* a massive change. Users will click on it. Users
will be confused by it. They'll choose inappropriate options and then
complain that their software doesn't work, and then they'll either take
resources from our limited support pool or give up and install something
else instead.
The job of the installer is to make it as easy as possible for the user
to end up with a working system. Adding options that make it
straightforward for the user to end up with a non-working system is a
backwards step.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel
mailing list