On 05.02.2008 17:10, Peter Lemenkov wrote: > > Due to landing of upcoming Gnome release in Fedora 9 I decided to drop > fuse group. > > The main reason is that future Gnome VFS will use fuse as a backend, > and we wil be forced to add all users into fuse group (if we allow > them to use Gnome VFS) what will made the existence of fuse group > useless.. > > Any objections? Well, when I got fuse integrated into Fedora several well-known and long-term Red Hat/Fedora developers said "it needs a security audit before we drop the fuse group". Not that long ago when we discussed https://bugzilla.redhat.com/show_bug.cgi?id=298651 http://secunia.com/advisories/26938/ I heard that once or twice again. Did that audit happen? Do we care? Actually I'm wondering if we need some guidelines or other bureaucracy hurdles to prevent that packagers use suid binaries without need. Preferred: Maybe just a script could do the trick if it checks what packages use suid binaries; somebody once every few weeks could run it and check if there are new packages with suid binaries. If there are: check them if it makes sense to ship them like that. Cu knurd -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
