Security policy oversight needed?

Jeff Spaleta jspaleta at gmail.com
Thu Nov 19 17:42:00 UTC 2009


On Thu, Nov 19, 2009 at 2:15 AM, Richard Hughes <hughsient at gmail.com> wrote:
> So obviously we need some middle ground. I guess if the spins
> "personalise" the package set then they should also personalize the
> security defaults. e.g. a server spin would not include PackageKit at
> all, and default to not letting users change the time. A desktop spin
> would allow the desktop user to do most things without an administrator
> password. The tricky part is deciding a default policy that is
> suitable for all the people using Fedora, which honestly, I think is
> impossible.


Can we decide on the security defaults that act as a backstop to spin
personalizations?  My personal preference would be to have a default
proto-policy that was as hardened as conceivably possible in the
packages themselves and then each spin concept makes deliberate
changes to soften the security stance by writing local policy in their
kickstart files actions.

That would make each change that softens the security posture a
deliberate change that is easily reviewed by reading over the
kickstart files.  This still allows for a desktop spin to have a
security stance different from that of a server spin... as an initial
install target ... but should avoid unexpected behavior across update
boundaries or in real world situations that don't fit the designed for
usage case.

-jef
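
An added illustration of the review step described in this message (not code from the message or from Fedora): a Python check that reads a kickstart file's %post section and lists every polkit local-authority rule more permissive than a hardened baseline. The .pkla layout written from %post, the `example.spin.set-time` action id, the sample kickstart, the strictness ordering and the `auth_admin` baseline are assumptions made for this example.

```python
import re

# polkit result values, strictest first (this ordering is the example's assumption)
STRICTNESS = ["no", "auth_admin", "auth_admin_keep", "auth_self", "auth_self_keep", "yes"]
BASELINE = "auth_admin"  # assumed hardened default shipped in the packages

# Constructed sample kickstart; example.spin.set-time is a placeholder action id
SAMPLE_KS = """\
%packages
@base
%end
%post
cat > /etc/polkit-1/localauthority/50-local.d/desktop-spin.pkla <<EOF
[Let desktop users install packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultActive=yes

[Keep clock changes behind the admin password]
Identity=unix-user:*
Action=example.spin.set-time
ResultActive=auth_admin
EOF
%end
"""

def find_softenings(kickstart_text, baseline=BASELINE):
    """Return (line_no, action, key, value) for %post rules looser than baseline."""
    findings, in_post, action = [], False, None
    limit = STRICTNESS.index(baseline)
    for no, line in enumerate(kickstart_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("%post"):
            in_post, action = True, None
        elif line == "%end":
            in_post = False
        elif not in_post:
            continue  # only %post can write local policy in this model
        elif line.startswith("["):
            action = None  # new stanza; Action= is assumed to precede Result*=
        elif line.startswith("Action="):
            action = line.split("=", 1)[1]
        else:
            m = re.fullmatch(r"(Result(?:Any|Inactive|Active))=(\w+)", line)
            if m and m.group(2) in STRICTNESS and STRICTNESS.index(m.group(2)) > limit:
                findings.append((no, action, m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    print(find_softenings(SAMPLE_KS))
```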




More information about the fedora-devel-list mailing list