Security testing: need for a security policy, and a security-critical package process
Bill Nottingham
notting at redhat.com
Tue Nov 24 18:29:11 UTC 2009
Gregory Maxwell (gmaxwell at gmail.com) said:
> If some some spin decided to make every user run as root, ship with no
> firewalling,
> have password-less accounts, or have insecure services enabled by
> default, etc.
You mean Sugar as configured on the XO? (It has passwordless user,
who can su without a password.)
Bill
More information about the fedora-devel-list
mailing list