Initial draft of privilege escalation policy

Adam Williamson awilliam at redhat.com
Wed Jan 20 19:00:42 UTC 2010


On Wed, 2010-01-20 at 12:21 -0600, Chris Adams wrote:

> One thing that jumps out at me about the way the policy is worded is
> that it defines what is restricted (what you can't do) instead of what
> is allowed (what you can do).  This seems backwards to me; you'll
> always
> be chasing some new thing that somebody implemented (e.g. the
> PackageKit
> change that brought this about) that wasn't previously restricted.

I already addressed exactly that point in the initial email. I'm aware
this is not the optimal way to do it, but it's a practical way we can
achieve something within the F13 timeframe.

Trying to write a policy the other way around is extremely difficult. If
you want to try, though, please do give it a shot :)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net



More information about the test mailing list