Fedora 12 and unprivileged package installation [LWN.net]

Fedora 12 and unprivileged package installation

Posted Nov 21, 2009 16:34 UTC (Sat) by AdamW (subscriber, #48457)
In reply to: Fedora 12 and unprivileged package installation by JoeBuck
Parent article: Fedora 12 and unprivileged package installation

Sort of a fair point, but for most distributions it's not practical to have a security expert working on every application which could possibly have security implications (...er, just about all of 'em). Hence, as has already been discussed, the improvement needed here is just to ensure that Fedora's processes ensure there's more oversight of potentially sensitive changes to any component. Seth Vidal is already working on a proposal for this.

to post comments

Security policy expertise

Posted Nov 21, 2009 19:06 UTC (Sat) by PO8 (guest, #41661) [Link]

Wha? Nobody is asking you to have a security expert working on "every application". They're asking you to have a security expert working on the applications which control your security policy. Especially when those applications are new and present unique challenges. Any distro that can't afford that should stick with the tried-and-true UNIX security model and its implementation rather than trying to innovate in the security policy arena.