radical suggestion for fc4 release

[Eli Carter]

Eli Carter wrote:
> How about fedora-secure-system have
> Conflicts: flurble <= <vulnerable version>  # CAN-9999-999
> 
> If a package is known to be vulnerable, it conflicts with a secure system.

Some other ideas:
fedora-secure-system
Requires: fedora-secure-remote-root
Requires: fedora-secure-local-root
Requires: fedora-secure-remote-user
Requires: fedora-secure-other    # ?

fedora-secure-remote-root would conflict with all packages vulnerable to 
remote root exploits
fedora-secure-local-root would conflict with all packages vulnerable to 
local root exploits.
... etc.

That would allow a sysadmin to take the approach of: "I trust all my 
users, but I can't afford to have any remote exploits, and I need 
minimal change" => install fedora-secure-remote-root and 
fedora-secure-remote-user, but not fedora-secure-local-root.

Thoughts?

Eli
--------------------. "If it ain't broke now,
Eli Carter           \                  it will be soon." -- crypto-gram
eli.carter(a)inet.com `-------------------------------------------------



------------------------------------------------------------------------
Confidentiality Notice:   This e-mail transmission may contain
confidential and/or privileged information that is intended only for the
individual or entity named in the e-mail address. If you are not the
intended recipient, you are hereby notified that any disclosure,
copying, distribution or reliance upon the contents of this e-mail
message is strictly prohibited. If you have received this e-mail
transmission in error, please reply to the sender, so that proper
delivery can be arranged, and please delete the message from your
computer.  Thank you.
Tektronix Texas, LLC formerly Inet Technologies, Inc.
------------------------------------------------------------------------