Security policy oversight needed?

Owen Taylor otaylor at redhat.com
Thu Nov 19 14:14:23 UTC 2009


On Thu, 2009-11-19 at 08:29 -0500, Paul W. Frields wrote:
> On Thu, Nov 19, 2009 at 12:32:50PM +0000, Richard Hughes wrote:
> > 2009/11/19 Naheem Zaffar <naheemzaffar at gmail.com>:
> > > policykit-profile-server
> > > policykit-profile-controlled-deployment
> > > policykit-profile-personal-desktop
> > 
> > Sure, that's not an insane idea at all. I would imagine most network
> > admins worth their salt would be shipping custom PolicyKit overrides
> > in F12 anyway. Aim for the desktop use cases on the "Desktop" spin,
> > and let other spins change the defaults.
> 
> It makes sense to me for the upstream defaults to be fairly
> restrictive, with changes being made downstream in distros (and their
> remixes/spins) to loosen those up as needed.  In other words, our
> desktop package group would include whatever was needed to induce the
> desired behavior in the Desktop spin.  A good bit of this issue would
> need to be addressed upstream though.  (Maybe I just repeated what you
> said, not sure if I caught the nuance.)

This idea comes up a lot - that we can make Fedora packages be
uncontroversial raw material, and then make the hard decisions at the
spin level. (I'm speaking more generally than this particular issue.)

It doesn't work practically: configuration for packages needs to live
with the package. Putting gigantic amounts of configuration into the 
%post of a kickstart file quickly becomes unmanageable. And the idea
that we make configuration changes in the %post of the kickstart really
falls apart badly once people start upgrading their install to the next
version of Fedora.

It doesn't work statistically: people in general don't get upset about
decisions made about the desktop because they aren't using a desktop.
They get upset because they *are* using a desktop and have a different
vision for that detail.

It doesn't work out conceptually: you can't escape having to make
decisions. If the only vision we have is how the Desktop spin works,
then what policy goes into the package? Practically speaking it will be
the configuration that was designed for the desktop spin, with various
random changes and missing pieces where people yelled a lot on
fedora-devel-list. That's not a coherent operating system. (And it's a
bad basis for spins other than the Desktop spin.)

- Owen




