Security testing: need for a security policy, and a security-critical package process

Bill Nottingham notting at redhat.com
Tue Nov 24 18:29:11 UTC 2009


Gregory Maxwell (gmaxwell at gmail.com) said: 
> If some spin decided to make every user run as root, ship with no
> firewalling, have password-less accounts, or have insecure services
> enabled by default, etc.

You mean Sugar as configured on the XO? (It has a passwordless user,
who can su without a password.)

Bill



