Privilege escalation policy: third draft

Matthias Clasen mclasen at redhat.com
Tue Jan 26 15:09:32 UTC 2010


On Mon, 2010-01-25 at 22:00 -0800, Adam Williamson wrote:
> 
> == New and changed privilege escalation mechanisms ==
> 
> Any new privilege escalation mechanisms (where mechanism is defined as
> "the code that directly causes privilege escalation") must be submitted
> to, and approved by, the Fedora packaging committee. The development and
> QA mailing lists must be notified of the approval of new privilege
> escalation mechanisms. Any significant changes to the semantics of
> existing privilege escalation mechanisms (except for changes that are
> obviously not security-relevant) must be announced to the development
> and QA mailing lists.

Not to sound disrespectful, but why should the packaging committee have
any special say in privilege escalation mechanisms? How does a special
interest in spec file syntax qualify for security audits?

I propose to s/packaging committee/FESCo/ there.  


