Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
[opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Thu, 1 Mar 2012 21:25:33 +0000 (UTC)
  • Message-id: <jiopgc$7oi$1@dough.gmane.org>
On Thu, 01 Mar 2012 15:59:14 -0500, James Knott wrote:

Jim Henderson wrote:
I spent 15 years working in corporate IT environments as a systems
engineer, with company sizes ranging from< 200 employees to> 250,000
employees.

Just because employees can be disciplined for violating IT policy
doesn't mean (a) that they don't work around security measures put in
place, or (b) that such discipline actually happens, even though it's a
possibility.

So, your solution to a problem created by new openSUSE policy is for an
employee to violate an employers policy, if they are able to? Maybe
this is something that should be fixed at the source and make this sort
of thing optional so that those who need it have it, but those who don't
need it don't have it keeping them from doing their work.

Um, no, that's not at all what I said. Please try to avoid putting words
in my mouth - I'm fully capable of speaking for myself.

What I'm saying is that different people have different requirements
based on what their use case is for the software. Some people need
restrictive policies because they're in higher security environments.

Some people need more relaxed policies because they're (a) not in a
corporate environment, and/or (b) they have made a policy decision to not
require such tight security. As is their right.

I'm also saying that anyone who thinks that not knowing a root password
is going to prevent people from elevating their privileges doesn't
understand the requirements of physical security or how easy it is to
elevate privileges when you have physical access to a system (regardless
of what operating system you have). Saying "that's what corporate IT
policies are for" is like saying "we have laws against theft, so now we
never need to worry about people stealing things."

I'm saying that to believe that is quite naive.

Anyone who agrees with the current policy of requiring root to enable
WiFi connections is unbelievably clueless about the real world.

Not to put too fine a point on it, James, but this is complete nonsense.
You're assuming that in the "real world" everyone has the exact same
requirements for security. That is demonstrably not true.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups