On Wed, 2009-11-18 at 20:20 -0600, Mike McGrath wrote: > On Wed, 18 Nov 2009, Jeff Garzik wrote: > > > On 11/18/2009 07:45 PM, Mike McGrath wrote: > > > Stick with the facts, be clear about what you're > > > trying to accomplish (changing it back in F13? Changing it back in F12? > > > Setting a policy so stuff like this doesn't happen again?) > > > > > > 1) We should recognize this new policy departs from decades of Unix and Linux > > sysadmin experience. > > > > 2) F12 policy should be reverted to F11, ASAP. Possibly with a CVE. > > > > 3) Due to #1, F13+ should not deviate from the decades-old default. > > > > 4) Release notes should explain new [and after step #2, optional] policy in > > detail, including how to turn it off again. Seth's laudable write-up efforts > > should not have been necessary -- that info should be prepared. > > > > 5) The people who want this new security policy should add an opt-in checkbox > > in Anaconda or firstboot. > > > > > Does anyone disagree with anything in 1-5? It all sounds reasonable to > me? Agree 100% with 1-4 although I would find 5 optional if PackageKit can have back the checkbox it has in F-11 to ask the user if it wants to let it "remember" the authorization. If that's not possible then either 5 or a control panel entry that let's you easily set the policy for a group, so that the system administrator can choose which users will have this privilege by adding them to a group. Simo. -- Simo Sorce * Red Hat, Inc * New York -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
