On Tuesday, May 22, 2012 19:52:33 Robert Schweikert wrote:
On 05/22/2012 08:48 AM, Andreas Jaeger wrote:
I just put the following on my blog as well (http://jaegerandi.blogspot.de)
and look forward to your help defining a better policy: [snip]
Call for action: Review and discuss http://en.opensuse.org/openSUSE:Security_use_cases using the following questions: * Are there any use cases missing?
IMHO the list appears pretty complete.
Maybe "Insert CD/DVD" for music/movie playing use case could be added to the page. But this is handled automatically by the DEs thus it may be mentioned for "completeness" or just be left off the list.
Go ahead and add it to the wiki, please.
* Is there any thing missing in the specific use cases?
I think we could have a "severity" rating for the "system wide action" assessments. For example "adding a repo" has a high severity value, lets say 5 (scale 0 - 5) while "updating installed packages from trusted repo" would have a low severity rating, maybe 1. This might provide a guideline to help us decide whether we want the root password or not.
* How can we solve these use cases so that a system is easy to setup
for the most common usage scenarios?
I think we could have a "simple" YaST dialog that lets the sysadmin configure settings to her/his needs/liking. I could imagine something like the attached sketch should suffice.
This is flexible, easily expandable, and implementation shouldn't be too terribly time consuming. The underlying assumption is that all processes affected support policy kit. The result is that the dialog simply writes out policy kit rules.
Yes, something like that should work for the IMO 10% of esoteric use case. The question remains: How to setup the system by default? What questions should be asked? Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org