Security policy oversight needed?

Richard Hughes hughsient at gmail.com
Thu Nov 19 11:15:12 UTC 2009


2009/11/18 Chris Adams <cmadams at hiwaay.net>:
> I would like to see this discussion separate from discussion about the
> current issue with PackageKit.

That would be nice :)

The problem is who to target. If you call Fedora a desktop distro,
then it makes perfect sense for local users to be able to shut down the
computer, suspend, change the system clock and install clipart without
passwords, as long as it's done in a secure way.

If you call Fedora a server OS, then it shouldn't be shipping
PackageKit at all, and should have most of the PolicyKit
authentication actions defaulting to no.

So obviously we need some middle ground. I guess if the spins
"personalise" the package set then they should also personalize the
security defaults. e.g. a server spin would not include PackageKit at
all, and default to not letting users change the time. A desktop spin
would allow the desktop user to do most things without an administrator
password. The tricky part is deciding a default policy that is
suitable for all the people using Fedora, which honestly, I think is
impossible.

Richard.



