Security testing: need for a security policy, and a security-critical package process
Seth Vidal
skvidal at fedoraproject.org
Tue Nov 24 00:54:11 UTC 2009
On Mon, 23 Nov 2009, Matthias Clasen wrote:
> I don't want to ship a desktop that doesn't let the user do useful
> things.
And you can ship a desktop SPIN that way. But the base pkgs should not
install with an insecure set of choices.
if you want the spin to have a post-scriptlet which allows more things,
then that's the choice of the desktop sig over the desktop spin.
We should not be forcing the choices for the desktop spin on everyone who
installs a pkg in the distribution.
-sv
More information about the fedora-devel-list
mailing list