A Topic that needs to be discussed on next the QA meeting..
Jon Stanley
jonstanley at gmail.com
Mon Mar 17 23:19:28 UTC 2008
On Mon, Mar 17, 2008 at 5:49 PM, Johann B. Gudmundsson <johannbg at hi.is> wrote:
> See bugs
> https://bugzilla.redhat.com/show_bug.cgi?id=437811
> https://bugzilla.redhat.com/show_bug.cgi?id=136289
> https://bugzilla.redhat.com/show_bug.cgi?id=147557
>
> In my books this fails QA bigtime and poses a MAJOR security risk for
> the end user(s).
Your book is not everyone's, nor probably even the majority of
people's. I for one use sshd on *every* machine that I own (yes, I
even login to my desktop remotely - that's how I IRC).
> Either a respins with this *feature* needs to be done or a
> reintroduction of Desktop/Server install
> with the server install enabling this feature..
Nah, it's a sane default. If you wanna go down this road, choose
something that has *actual* security implications (beyond someone
possibly brute-forcing a poorly chosen password - users can shoot
themselves in the foot via many means. Anaconda even warns of a
poorly chosen rootpw now).
> It's good that some one in QA board can contact Fedora Security team and
> get their input on this issue.
QA Board??? I didn't know such a thing existed. I nominate myself :)
Seriously, Jeremy would be about the closest thing that you come to
that (Will and Jesse as well).
> Are we targeting Desktop/Home user or not?
Along with many other segments.
> If so then we have to make it hard for them to accidentally shoot them
> self in foot security wize...
Users can shoot themselves in the foot via lots of methods. I don't
see this one being particularly egregious.
> I mean a noob user accidentally turned of his firewall during install
> with the current default installation options leaves
> him open to how many security risks? ( none is the right answer )...
Well, that's no longer a default installation then, is it? Should we
disable CUPS too? (that at least has a recent history of issues).
> I'm gonna reopen this mark Anaconda as FAILED_QA then after this has
> had a proper discussion
> with input from Fedora-Security-Team a QA board member can CLOSE this or
> it will be FIXED.
It is already CLOSED NOTABUG, and should remain that way.
More information about the fedora-test-list
mailing list