I just put the following on my blog as well (http://jaegerandi.blogspot.de) and look forward to your help defining a better policy: The openSUSE security concepts have been changed gradually over the years with new tools like PolicyKit, PolKit and its usage in system tools. It's time now to step back, and review what we have and want. Marcus and Ludwig from the SUSE security team and myself have discusssed over the last weeks a bit and like to open this to a broader round now to get your help defining what needs to be done. = Challenges we face = Administrating a system in a secure way is always balancing the needs and requests of security, convenience and usability. There's also the additional challenge that upstream projects often have a different view on either of these and therefore make different decisions and influencing upstream projects is quite often a difficult task. = Background = Linus Torvalds in his Google+ rant (https://plus.google.com/u/0/102150693225130002912/posts/1vyfmNCYpi5) "I first spent weeks arguing on a bugzilla that the security policy of requiring the root password for changing the timezone and adding a new wireless network was moronic and wrong. I think the wireless network thing finally did get fixed, but the timezone never did - it still asks for the admin password. And today Daniela calls me from school, because she can't add the school printer without the admin password. ... So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace "my kids" with "sales people on the road" if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, ..." = How to continue? = We've collected a couple of use cases for the administration of a local system at: http://en.opensuse.org/openSUSE:Security_use_cases For each use case we added a short security evaluation but in most cases don't give a recommendation on what to do. Call for action: Review and discuss http://en.opensuse.org/openSUSE:Security_use_cases using the following questions: * Are there any use cases missing? * Is there any thing missing in the specific use cases? * How can we solve these use cases so that a system is easy to setup for the most common usage scenarios? Let's do the discussion on the opensuse-factory mailing list, I'll update the document with any improvements. Feel free to enhance it as well. Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org