Re: Security testing: need for a security policy, and a security-critical package process

On Monday 30 November 2009 22:40:07 Hal Murray wrote:
> gene@xxxxxxxxx said:
> ...
> 
> > A written description of the security policy is a must!
> 
> ...
> 
> Is the idea of a single one-size-fits-all security policy reasonable?  I 
> think Fedora has a broad range of users.
> 
No.  Initially, I recommend one security policy and one reference 
implementation to test against.  Each variation needs its own security policy 
and reference implementation definition.  Later ones are easier to create 
because they can use the early ones as "guidance".

So, why go through all of this paperwork and bureaucratic bullshit?  Well, 
those of us who have done this before believe that it is necessary.  I do not 
like the bureaucratic BS any more than anyone else but, if you do not do it, 
then you are not quite sure what you have when you say that something meets 
security requirements.

Gene

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
