Re: Security testing: need for a security policy, and a security-critical package process
On Mon, 2009-11-23 at 14:08 -0800, Adam Williamson wrote:
> It's not QA's role to define exactly what the security policy should
> look like or what it should cover, but from the point of view of
> testing, what we really need are concrete requirements. The policy does
> not have to be immediately comprehensive - try and cover every possible
> security-related issue - to be valuable. Something as simple as spot's
> proposed list of things an unprivileged user must not be able to do -
> http://spot.livejournal.com/312216.html - would serve a valuable purpose
> here.

I don't think spot's list is too useful, unfortunately; discussing an abstract 'unprivileged user' without defining some roles and use cases doesn't make much sense to me.

There is probably a difference between a guest account and a regular (non-admin) user in what I want them to be able to do; 'unprivileged user' does not allow that distinction. And there is certainly a difference between what a regular user is expected to be allowed on a family computer vs a university computer lab.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list