[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



2009/11/18 Chris Adams <cmadams hiwaay net>:
> I would like to see this discussion separate from discussion about the
> current issue with PackageKit.

That would be nice :)

The problem is who to target. If you call Fedora a desktop distro,
then it makes perfect sense for local users to be able to shutdown the
computer, suspend, change the system clock and install clipart without
passwords, as long as it's done in a secure way.

If you call Fedora a server OS, then it shouldn't be shipping
PackageKit at all, and should have most of the PolicyKit
authentication actions defaulting to no.

So obviously we need some middle ground. I guess if the spins
"personalise" the package set then they should also personalize the
security defaults. e.g. a server spin would not include PackageKit at
all, and default to not letting users change the time. A desktop spin
would allow the desktop user to do most things without a administrator
password. The tricky part is deciding a default policy that is
suitable for all the people using Fedora, which honestly, I think is
impossible.

Richard.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]