On Thu, 5 Mar 2015 09:56:41 -0600
Chris Adams <linux@xxxxxxxxxxx> wrote:

> Once upon a time, Adam Jackson <ajax@xxxxxxxxxx> said:
> > False. It's entirely reasonable for a product to mandate an
> > appropriate security policy, so until and unless we move account
> > creation entirely to firstboot, it's something the installer will
> > have to expose.
>
> The installer should not enforce a policy that does not match the
> installed system. AFAIK the "passwd" command will still let root use
> any password (with just a warning), so the installer should do the
> same.
>
> It sounds like that's the decision FESCo approved.

No. The decision was that we need a better overall policy/story instead of all the different parts doing their own thing and causing just the above thing you note.

Would you like to help gather information and draft some policy? ;)

IMHO, it would need to gather in:

* sshd policy
* passwd policy
* policykit
* sudo
* anaconda
* gnome-keyring?
* DMs?
* tons of other stuff I am likely not thinking of.

Ideally we could have a base policy, then perhaps some changes/differences for the various products. Also a way, much like the recent ssl cert stuff to change the policy in one place instead of 50.

kevin
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct