Lock screen does not work for root in gnome

[Nicolas Mailhot]

Le mardi 19 octobre 2004 à 20:19 +0200, Kyrre Ness Sjobak a écrit :

> Anyway, how much is a computer that the user cant use because it is to
> tigthly locked up, worth? Why dont we remove tcp/ip altogether? Or
> simply the kernel? If the user cant boot it, then it is *really* secure.
> And make it forget all data that is saved to disk, just to make sure
> that it cant be read later by somebody evil?
> 
> Security can go to far. I do not think security is a bad thing - i just
> think that it should not get in the way when it is not nesessary.

Security is not something you bolt on as an afterthought. You get
security by putting it in the picture from day one, and accepting it
will cost you in terms of features at first because the time spent on
security won't be spent elsewhere.

If you can't accept the compromises security forces on you because of
the inconvenience, then you *will* have to do stupid radical measures
like removing networking to get your security certification later.

I'm all for measures like deprecating root and gradually remove any
incentive to do things the insecure way. It's way better than doing an
hatchet job the day you realise that because of all the slightly
inconvenient decisions that were never taken your security model is
about to collapse (The periodic app mass extinctions windows suffers are
a good example. The two last ones were named windows 2000 and XP SP2 I
think)

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041019/abf8a021/attachment.sig>