On Mon, Nov 23, 2009 at 06:10:59PM -0800, Adam Williamson wrote:
> On Mon, 2009-11-23 at 19:38 -0500, Matthias Clasen wrote:
>
> > How that translates in packages and defaults is not really the most
> > important part, but the plan is to have strict package defaults + a
> > policy package that makes things work.
> >
> > The important part is that we QA the combination, not just the strict
> > defaults.
>
> Right. If the Grand Plan is to go down this path, then what I've been
> referring to as 'the security policy' would include the policies defined
> for each spin, and hence any testing QA did for any given spin would
> involve the policy defined for that spin.
>
> Having said that - is everyone agreeing that it's fine for each spin SIG
> to be entirely in charge of defining and implementing security policy
> for each spin? At the very least, that would possibly be problematic
> given the known border issues between 'the desktop spin' and 'Fedora'.
> Just another issue contributing to why we would need to settle that.
>

I'm very much against that. Fedora, Linux, and Unix-like operating systems have built a reputation as a more secure alternative to Windows and other operating systems. We have to have some level of security that comes enabled on all systems no matter what the spin.

Also, conflating "Fedora" with the "Desktop Spin" is something I'm very uncomfortable with here. A spin meant to highlight what the authors think is the most convenient experience for a single user desktop system apparently wants to do things that I am not at all for highlighting as the default Fedora environment. We need to separate these so that the Desktop Spin can live its own life without the additional constraints of being Fedora.

-Toshio
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list