fedora-devel-list@redhat.com
[Top] [All Lists]

Re: Security testing: need for a security policy, and a security-critic

Subject: Re: Security testing: need for a security policy, and a security-critical package process
From: Gregory Maxwell
Date: Mon, 23 Nov 2009 21:18:10 -0500
On Mon, Nov 23, 2009 at 9:10 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> Having said that - is everyone agreeing that it's fine for each spin SIG
> to be entirely in charge of defining and implementing security policy
[snip]

Different spins having different security makes sense, especially if the
differences are well documented.

Hopefully the differences are an invitation to do bone-headed things:

If some some spin decided to make every user run as root, ship with no
firewalling,
have password-less accounts, or have insecure services enabled by
default, etc. it
would risk tarnishing the Fedora image and result in Fedora being
banned from networks
even if it really was just the insecure-spin.  I'm sure that everyone
can be trusted
not to do these things, but it may be worth stating explicitly that
security should
be a goal for all spinsâ only the details of the trade-offs should differ.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

<Prev in Thread] Current Thread [Next in Thread>