On Thu, Aug 28, 2008 at 09:02:40PM -0700, Jesse Keating wrote: > On Thu, 2008-08-28 at 23:57 -0400, Seth Vidal wrote: > > > > If they turn off all security and make 'honey pot linux - based on > > fedora' as a livecd for catching would-be crackers, I have no problem > > with that. It would be a good thing to have fedora's name on, I think. > > > > If they put apt in place (and modify massive amounts of anaconda, etc, > > to make it all work) then why not? > > > > How does it hurt us? > > You just said the magic words. "Based on Fedora", which is not Fedora. > I don't have a problem with people doing crazy ass things like taking > out selinux, removing yum, or even replacing the entire runtime with our > busybox, and calling it Based on Fedora. It's when they call it Fedora > that I get concerned. I belive that if we think about why we want some derivatives to be called Fedora and why some not, the basic line of thought is that if it improves the brand name by having high quality standards, solving a new problem niche nicely, or in general promotes the use of Fedora in any way then it is in Fedora's interest to allow the use of the trademarked name. Currently I cannot imagine Fedora w/o rpm or yum, but I can imagine it w/o selinux if I think about very small footprints, nano-Fedoras and all the recent suggestion. I wouldn't mind my phone to advertise that it runs on Fedora, even if selinux was turned off (but the high standard of security is ensured in another way). Since we can't envison what nice spins/derivatives people will come up with (I first heard of the appliance spin), we should not statically enforce any requirements, but instead have the board be the checking instance like it is now. A spin may fulfill all the formal requirements we can come up like a minimal base etc and still be worthless compared to the standard official spins (e.g. adding say xemacs to the package pool and calling it the Fedora xemacs spin). Or it may violate some requirement we come up (like selinux), but still be a very nice spin solving the security issues differently - or maybe applied in an environment where some of the requirements don't matter: Consider a Fedora spin for some embedded devices that are not expected to have network access (can't think of many, but say my fridge or my car's injection system), will we deny BMW to call their spin Fedora because they will not have selinux or yum? OR maybe even ripped all of rpm and rpmdb of the final image to shrink it some more? Anyway, what I want to say, is that we can't envision today how far the Fedora spin success will go and setting barriers today that a board in the future will need to tear down again, is maybe counterproductive. After all we do have the people in the board checking whether the spin is good enough to be called Fedora, and if they don't like the absence of selinux on some spin they will not put their stamp on it. -- Axel.Thimm at ATrpms.net
Attachment:
pgpwXjwldMMwX.pgp
Description: PGP signature
_______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
