Re: FESCo Meeting Minutes (2015-03-04)
[Posted April 8, 2015 by n8willis]
| From: |
| Kevin Fenzi <kevin-AT-scrye.com> |
| To: |
| devel-AT-lists.fedoraproject.org |
| Subject: |
| Re: FESCo Meeting Minutes (2015-03-04) |
| Date: |
| Thu, 5 Mar 2015 09:12:29 -0700 |
| Message-ID: |
| <20150305091229.1ac4cd58@voldemort.scrye.com> |
| Archive‑link: | |
Article |
On Thu, 5 Mar 2015 09:56:41 -0600
Chris Adams <linux@cmadams.net> wrote:
> Once upon a time, Adam Jackson <ajax@redhat.com> said:
> > False. It's entirely reasonable for a product to mandate an
> > appropriate security policy, so until and unless we move account
> > creation entirely to firstboot, it's something the installer will
> > have to expose.
>
> The installer should not enforce a policy that does not match the
> installed system. AFAIK the "passwd" command will still let root use
> any password (with just a warning), so the installer should do the
> same.
>
> It sounds like that's the decision FESCo approved.
No. The decision was that we need a better overall policy/story instead
of all the different parts doing their own thing and causing just the
above thing you note.
Would you like to help gather information and draft some policy? ;)
IMHO, it would need to gather in:
* sshd policy
* passwd policy
* policykit
* sudo
* anaconda
* gnome-keyring?
* DMs?
* tons of other stuff I am likely not thinking of.
Ideally we could have a base policy, then perhaps some
changes/differences for the various products. Also a way, much like the
recent ssl cert stuff to change the policy in one place instead of 50.
kevin
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
