Security release criterion proposal

J B jb.1234abcd at gmail.com
Thu May 19 16:32:25 UTC 2011


Josh Bressers bressers at redhat.com
Thu May 19 12:57:46 UTC 2011
wrote:

> Perhaps the correct answer is to have firstboot update the system
> for a user (do it in the background so they can still login do things).

Should we do that ? I mean an update in the background without
user's knowledge, control, and acceptance ?
I would even question that if it was net installation. What if you were
installing locally and you want to have an isolated (for a reason)
environment ?

In a situation like that I would rather opt for a security alert tmessage
displayed at time of login (thru GUI or text), present until explicitly
canceled by the user.

JB


More information about the test mailing list