On Mon, Nov 23, 2009 at 9:10 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> Having said that - is everyone agreeing that it's fine for each spin SIG
> to be entirely in charge of defining and implementing security policy
Different spins having different security makes sense, especially if the
differences are well documented.
Hopefully the differences are an invitation to do bone-headed things:
If some some spin decided to make every user run as root, ship with no
have password-less accounts, or have insecure services enabled by
default, etc. it
would risk tarnishing the Fedora image and result in Fedora being
banned from networks
even if it really was just the insecure-spin. I'm sure that everyone
can be trusted
not to do these things, but it may be worth stating explicitly that
be a goal for all spinsâ only the details of the trade-offs should differ.
fedora-devel-list mailing list