Google
  Web www.spinics.net

Re: Security testing: need for a security policy, and a security-critical package process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, 2009-11-23 at 19:38 -0500, Matthias Clasen wrote:

> How that translates in packages and defaults is not really the most
> important part, but the plan is to have strict package defaults + a
> policy package that makes things work. 
> 
> The important part is that we QA the combination, not just the strict
> defaults. 

Right. If the Grand Plan is to go down this path, then what I've been
referring to as 'the security policy' would include the policies defined
for each spin, and hence any testing QA did for any given spin would
involve the policy defined for that spin.

Having said that - is everyone agreeing that it's fine for each spin SIG
to be entirely in charge of defining and implementing security policy
for each spin? At the very least, that would possibly be problematic
given the known border issues between 'the desktop spin' and 'Fedora'.
Just another issue contributing to why we would need to settle that.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Coolkey]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net