On 11/19/2009 07:50 AM, Mike McGrath wrote:
> On Wed, 18 Nov 2009, Jeff Garzik wrote:
>> 1) We should recognize this new policy departs from decades of Unix and Linux
>> sysadmin experience.
>>
>> 2) F12 policy should be reverted to F11, ASAP. Possibly with a CVE.
>>
>> 3) Due to #1, F13+ should not deviate from the decades-old default.
>>
>> 4) Release notes should explain new [and after step #2, optional] policy in
>> detail, including how to turn it off again. Seth's laudable write-up efforts
>> should not have been necessary -- that info should be prepared.
>>
>> 5) The people who want this new security policy should add an opt-in checkbox
>> in Anaconda or firstboot.
>
> Does anyone disagree with anything in 1-5? It all sounds reasonable to
> me? Release notes are being updated as we speak.

I think the "role" of a system, be it a personal desktop, workstation, server
or something else, can change post-installation as well. I don't think a simple
checkbox in Anaconda is going to be useful enough. We need a tool to switch
policies easily so that we can tweak the policies across a wide range of tools
with things like PolicyKit and each of these policies can be written with
particular audiences in mind.

Rahul

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list