Security testing: need for a security policy, and a security-critical package process
Chris Ball
cjb at laptop.org
Tue Nov 24 20:07:43 UTC 2009
Hi,
> Gregory Maxwell (gmaxwell at gmail.com) said:
>> If some some spin decided to make every user run as root, ship
>> with no firewalling, have password-less accounts, or have
>> insecure services enabled by default, etc.
> You mean Sugar as configured on the XO? (It has passwordless
> user, who can su without a password.)
It's true, but note that the XO software is technically a "Remix"
rather than a "Spin", so there aren't any technical requirements
on it to satisfy the use of the Fedora mark. (I think I'd agree
with Greg's point regarding official Fedora spins.)
- Chris.
--
Chris Ball <cjb at laptop.org>
One Laptop Per Child
More information about the fedora-devel-list
mailing list