F21 Self Contained Change: Security Policy In The Installer

[Matthew Garrett]

On Fri, Mar 14, 2014 at 03:06:06PM -0400, Eric H. Christensen wrote:

> You're making an assumption that I wouldn't want my personal box to be 
> hardened at install or that the enterprise has an automated way of 
> doing a deployments.  Why make it harder to use the operating system 
> when a simpler way of configuration has been suggested?

I'm making the assumption that you, as someone with sufficient knowledge 
of the field to make an informed choice, are capable of performing 
additional steps in order to ensure that your system meets additional 
security criteria.

> The feature isn't going to be a massive change to the UI and only adds 
> to the awareness that users have a choice on how hardened their system 
> is at install time.  Whether you chose to use it is your business.

It's not going to be a massive change? It's an entire additional spoke 
in the UI. That *is* a massive change. Users will click on it. Users 
will be confused by it. They'll choose inappropriate options and then 
complain that their software doesn't work, and then they'll either take 
resources from our limited support pool or give up and install something 
else instead.

The job of the installer is to make it as easy as possible for the user 
to end up with a working system. Adding options that make it 
straightforward for the user to end up with a non-working system is a 
backwards step.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org