On Wed, 2018-06-06 at 09:45 -0500, mcatanzaro@xxxxxxxxx wrote: > On Wed, Jun 6, 2018 at 4:39 AM, Nikos Mavrogiannopoulos > <nmav@xxxxxxxxxx> wrote: > > I am actually very curious about the results of such a move, and > > know > > whether it is going to have a significant impact today. Debian has > > already tried experimenting with it: > > > > https://lists.debian.org/debian-devel/2017/08/msg00166.html > > But OpenSSL is not used by browsers. That's right. In that case they would most likely have to handle issues like, tool A and B don't work with that server, though it works in firefox. The fedora proposal has a different challenge, if something doesn't work it wouldn't work anywhere. > > I think the debate here is whether fedora (and in general operating > > systems) can afford to be stricter than the browsers. As an OS our > > attack surface is much larger than the browser setup, and thus it > > makes > > sense (to me), to be more careful. > > You previously said in this thread that the system policy *will* be > used by browsers. Right, the plan is to have a policy to be default for everyone, including browsers which run in the OS. > I would not be concerned if we had a separate policy that was > suitable > for use by browsers, which could be used by Firefox, glib- > networking, etc. But we don't, and it's not proposed here. That's correct. I don't think it makes sense to have separate policies per application. regards, Nikos _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/7ZWS3GTBB7IA6OG2SCMSCJLN2IYR6FFN/
