Security policy oversight needed?
Simo Sorce
ssorce at redhat.com
Thu Nov 19 00:21:31 UTC 2009
On Wed, 2009-11-18 at 17:58 -0600, Chris Adams wrote:
> Any package (whether new or an update) that adds/changes PolicyKit,
> consolehelper, or PAM configuration, and anything that installs new
> setuid/setgid executables, should require some additional third-party
> review. Any significant changes that passes review should require some
> minimum amount of advance notice and documentation on how to revert
> (preferably in some common easy-to-find place in the wiki).
>
> Is this feasible?
Looks like a very good idea to me.
> Who needs to look at this?
Fesco ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the fedora-devel-list
mailing list