On Sat, 2012-03-03 at 15:10 -0700, Chris Murphy wrote: > Depends. What if what's being added is a remote printer, that's merely > a way to smuggle documents out of a company? So direct attach printers > are probably fair game for adding without authentication. The user > clearly has physical access to both computer and printer, the most > applicable security control in this context is physical. But to add a > non-local IPP printer is possibly a red flag. I'm not sure it's remotely plausible to make 'strict in/out security on a corporate network' the aim of our out of the box security policy. I don't think we would ever achieve such a goal, but we could sure piss off a lot of people who aren't part of corporate-wide deployments by doing so, thus falling neatly between two stools. It really seems more realistic to aim lower - but at some level that's actually achievable - with our OOTB policy, and leave securing corporate networks to the sysadmin of the corporation in question. That's their job, after all. It's very easy to come up with some sort of theoretical scenario in which almost *any* kind of ability to use the machine in any way constitutes a 'security issue', but that doesn't really mean we should ship a product which comes out of the box to a non-networked, single user login prompt which refuses all passwords in the name of security...=) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
