On Thu, Nov 19, 2009 at 2:15 AM, Richard Hughes <hughsient@xxxxxxxxx> wrote:
> So obviously we need some middle ground. I guess if the spins
> "personalise" the package set then they should also personalize the
> security defaults. e.g. a server spin would not include PackageKit at
> all, and default to not letting users change the time. A desktop spin
> would allow the desktop user to do most things without an administrator
> password. The tricky part is deciding a default policy that is
> suitable for all the people using Fedora, which honestly, I think is
> impossible.

Can we decide on the security defaults that act as a backstop to spin
personalizations?

My personal preference would be to have a default proto-policy that
was as hardened as conceivably possible in the packages themselves and
then each spin concept makes deliberate changes to soften the security
stance by writing local policy in their kickstart files actions. That
would make each change that softens the security posture a deliberate
change that is easily reviewed by reading over the kickstart files.

This still allows for a desktop spin to have a security stance
different from that of a server spin... as an initial install target
... but should avoid unexpected behavior across update boundaries or
in real world situations that don't fit the designed for usage case.

-jef

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list