Once upon a time, M A Young <m.a.young@xxxxxxxxxxxx> said: > >From what I remember permissions were opened up without making it clear > this was happening and without an easy way of putting them back, which > made things very difficult if you had good reasons for the permissions > being locked down. The flamefest was at least in part because things were > done badly, leading to the "Fedora introduces security holes" type of > headline. Yes, that was more-or-less what happened. People realized that the system time could be changed by any desktop user, and that the time is a pretty critical thing for security (cron jobs, logging, time-of-day access, etc.). The change had not been documented anywhere and was the default. > I think the right way to do it is for things to be secure by default, but > with easy tools to relax security where appropriate (which could include > options to do this during install). IMHO the defaults in the standard packages should be strict, and then desktop spins could add additional PK configs to loosen up where desired (with docs to match). This would have the added advantages of making it more obvious what was loosened up as well as giving examples on how to customize things. I will agree that some of the defaults are annoying though; somehow my system (possibly through my own uninformed configuration) prompts me for passwords three times when trying to add a printer (once to turn off blocking in the firewall when I'm not even running a firewall, once to load printer info, and then once to actually add a printer). -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
