Re: Security testing: need for a security policy, and a security-critica

fedora-devel-list@redhat.com

Re: Security testing: need for a security policy, and a security-critica

from [Seth Vidal]

Subject:	Re: Security testing: need for a security policy, and a security-critical package process
From:	Seth Vidal
Date:	Tue, 24 Nov 2009 13:44:16 -0500 EST



On Tue, 24 Nov 2009, Bill Nottingham wrote:

I don't want to ship a desktop that doesn't let the user do useful
things.


And you can ship a desktop SPIN that way. But the base pkgs should
not install with an insecure set of choices.

if you want the spin to have a post-scriptlet which allows more
things, then that's the choice of the desktop sig over the desktop
spin.


Given how .pkla works, this is likely to be done with packages, not
with %post hackery. (Which should make it much easier to reliably
test, as well.)

provided those pkgs are not required anywhere or set in our default pkggroups, then sure.


-sv

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Security testing: need for a security policy, and a security-critical package process, (continued) Re: Security testing: need for a security policy, and a security-critical package process, Matthias Clasen Re: Security testing: need for a security policy, and a security-critical package process, Seth Vidal Re: Security testing: need for a security policy, and a security-critical package process, Matthias Clasen Re: Security testing: need for a security policy, and a security-critical package process, Seth Vidal Re: Security testing: need for a security policy, and a security-critical package process, Matthias Clasen Re: Security testing: need for a security policy, and a security-critical package process, Seth Vidal Re: Security testing: need for a security policy, and a security-critical package process, Matthias Clasen Re: Security testing: need for a security policy, and a security-critical package process, Bill Nottingham Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson Re: Security testing: need for a security policy, and a security-critical package process, Seth Vidal <= Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson Re: Security testing: need for a security policy, and a security-critical package process, Gregory Maxwell Re: Security testing: need for a security policy, and a security-critical package process, Bill Nottingham Re: Security testing: need for a security policy, and a security-critical package process, Matthew Miller Re: Security testing: need for a security policy, and a security-critical package process, Chris Ball Re: Security testing: need for a security policy, and a security-critical package process, Bill Nottingham Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson Re: Security testing: need for a security policy, and a security-critical package process, Bill Nottingham Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson Re: Security testing: need for a security policy, and a security-critical package process, Chris Ball

Previous by Date:	Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson
Next by Date:	Re: F12 install stops at screen switch (language select), Adam Williamson
Previous by Thread:	Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson
Next by Thread:	Re: Security testing: need for a security policy, and a security-critical package process, Adam Williamson
Indexes:	[Date] [Thread] [Top] [All Lists]