Re: Security testing: need for a security policy, and a security-critical package process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Tue, 24 Nov 2009, Bill Nottingham wrote:

I don't want to ship a desktop that doesn't let the user do useful
things.

And you can ship a desktop SPIN that way. But the base pkgs should
not install with an insecure set of choices.

if you want the spin to have a post-scriptlet which allows more
things, then that's the choice of the desktop sig over the desktop
spin.

Given how .pkla works, this is likely to be done with packages, not
with %post hackery. (Which should make it much easier to reliably
test, as well.)

provided those pkgs are not required anywhere or set in our default pkg groups, then sure.

-sv

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux