Eric Christensen (eric@xxxxxxxxxxxxxxxxxxx) said: > > It's a behavior change, for sure. For people who want to lock down their > > systems, it's a default they will need to be able to change, and they > > should have been able to discover it through the normal mechanisms for > > that. (i.e., the release notes.). It likely should have been discussed > > when it was introduced - it's obviously not something that's applicable > > to all usage cases for the OS. > > You are assuming that the users have physical access to the box and also > know how to get a root shell and that the box hasn't been hardened > (before the PK vulnerability was known). Sure, I said 'out of the box'. Out of the box none of those other hardening steps are done either, which is why if this is a policy that we want, it should be documented as a hardening step that can be taken. Bill -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
