Extras Security Policy
wtogami at redhat.com
Thu Sep 8 09:43:44 UTC 2005
Hans de Goede wrote:
> Besides that we need a clear security policy to be written and approved
> by fesco:
> We really need an FE security team which wathces over FE's security
Generally everyone agrees about "need" ...
> I'm in no way volunteering todo any of the work this will cause, not
> because I don't want to, but because I don't have the time.
but security is *hard* for volunteers to do. Nobody is accountable
because it isn't their job responsibility. Volunteers generally do the
"fun" things first, and sometimes one-time harder problems. This does
not describe what it takes to maintain eternal vigilance necessary of
people focused on security in the long-term. I am talking here of
realistic expectations of volunteer capability.
The referenced LWN security article writer was surprised by Debian's
slowest response time to security issues, and while they were impressed
by Fedora and other company supported distribution support times, they
were concerned about community maintained distros like Extras. This is
indicative of the ability of volunteer groups to adequately deal with
(The example that they used of Clamav however was strange, in that
Extras actually did do a decent job of quickly upgrading to 0.86.2 after
the advisory was released.)
It is problematic to say "We really need an FE security team" but also
say, "I'm in no way volunteering todo any of the work". This too is
indicative of realistic capabilities and expectations of volunteers.
There are things that we can do like improve the package review
guidelines for security aspects like you suggested. This is a good
first step, because it means everyone in a little way is responsible for
security. "Many eyes."
There are some technical challenges here that we need to deal with like
the user accounts in packages. After years of loud yelling, we still
have not come to any consensus about users used by packaged services.
The current way relied upon by Core packages is broken and unscalable
because it relies on a finite small set of userid's. Arbitrary
packages can easily clash, or we could simply run out of numbers.
Enrico tried to address this with the fedora-usermgmt* stuff, but nobody
understands it and some have actively removed its usage from packages.
The packaged user problem is something that we need to come to consensus
on if we are going to move forward with unambiguous written policy.
Unambiguous written policy is the key here.
wtogami at redhat.com
More information about the fedora-extras-list