Re: More PATH fallout. Who decided this was a good idea?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2008-12-07 at 14:29 -0900, Jeff Spaleta wrote:
> On Sun, Dec 7, 2008 at 5:54 AM, Steve Grubb <sgrubb@xxxxxxxxxx> wrote:
> > Hope you find this informtion useful.
> 
> Well it's certainly going to make for a more rational discussion.
> 
> I still come back to one thing.  Could the file permissions be
> implemented differently so that CAPP compliance could be a system
> install time choice, instead of being expressed in the configuration
> of all installs?
> 
> Sort of how we make it possible for people who care about LSB
> compliance to be able to install the necessary bits without enforcing
> compliance on everyone else. Just sort of, I'm not suggesting security
> compliance and LSB compliance are anywhere close to the same thing in
> scope.
> 
> But what I am saying is that I'm not sure the restrictions and
> assumptions behind the logic of CAPP makes a lot of sense for our
> default target usecases.  We don't currently have a server target for
> example, and I'm not sure CAPP can be applied to something like a
> laptop desktop case without warping spacetime.
> 
> So taking a look at how CAPP compliance is handled now, could some of
> the restrictions like the permissions be handled in a more modular
> way? Could for example, things be changed so I could install a
> specialized fedora-CAPP package at install time which tightens up
> aspects of the system to bring it into CAPP compliance, instead of
> expressing those restrictions in the defualt settings of all installs?

Perhaps a bit like the 'bastille' hardening script?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux