-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, Mar 14, 2014 at 08:01:53PM +0000, Matthew Garrett wrote: > On Fri, Mar 14, 2014 at 03:56:47PM -0400, Eric H. Christensen wrote: > > On Fri, Mar 14, 2014 at 07:45:53PM +0000, Matthew Garrett wrote: > > > The failure mode of making the wrong choice regarding an encrypted > > > partition or the default user being an administrator involves the system > > > *continuing to work*. The failure mode of making the wrong choice > > > regarding security policy is that things you expect to work mysteriously > > > don't. > > > > What exactly do you think would be done with one of these policies? You seem to think that an incorrect choice will brick a system. > > If an incorrect choice means that the software the user wants to run > won't run, that's going to be a problem for the user. And we presumably > expect that some software won't run, because otherwise we'd be enabling > that security feature by default? A user who accidentally installs a > profile that enables FIPS compliance is going to have a bad time, for > instance. No, that's not exactly it. I've pointed out reasons why defaults usually suck (security-wise). I've yet to see a hardened system make software fail. I'd love some examples of your concerns. I also don't understand why FIPS compliance will make a user have a bad time since I've been on systems that were fully FIPS compliant and didn't have any problems. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project sparks@xxxxxxxxxxxxxxxxx - sparks@xxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTI4GhAAoJEB/kgVGp2CYv2mAL/2DUh90PebxuUFwfPVVrRCUE gHVuzpFnxtXltHsKtTJvCOG2X7I51bzmeHx482BtUMk91UriRGO9+1bchfWuHPdq iv77DJuYciAOU5qKWvAalO6KS3lmZnTfpOZgnlaf2Bg+YndCRNHqbbLhAwP1F4bb 0cA1HgfgkdlNyTc/szYhP1WjWxuNXp4qKhXTELqhnMNaHkQTVaqgmW20iP0TmGqu wxHGhgPEykeqPbgj2AAWRHKIcfx/Js5ojtcpSkvavhxjUsWFJyh4RzZXBaaQTRLb RXKs9T0cEdat7xVgzXsiSQwIiGS0X1Wv3wtxLMHZWLwUCXbumaLtwT/JjMZWbkN2 k3ofasxkIddCiXIypCF+svmbB9Gh9bxyQCtVUAXgrX6V0gwqpayWl40dmPEhZzsi YHOR/Tdy10SAOhYCBli4mgbwCFsK8es7BE1pZgZ2haz6FhAbRosDxmPwvbfpfahD 0OCMCwdv4a8+eBWTsThHhWbU7EA5UaG0BeHHEFHH+A== =TMcN -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct