On Wed, May 18, 2011 at 08:57:17 -0700, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
>
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
>
> Points to consider:

I think there may be some remote exploits that we wouldn't want to block for. For example, if Wesnoth turns out to be vulnerable to the game server or one of the other clients, I don't think that is something we'd want to block for.

If Firefox was vulnerable to web pages you visit being able to execute unsandboxed code, then I feel it's a close call.

I'd prefer not to limit remote code execution to just root. User data and network bandwidth are valuable.

Then we also need to worry about local root exploits being used in combination with non-root remote code exploits.

I think it is also worth considering whether the exploits are really exploitable with our default configuration (SELinux in enforcing mode).

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security