Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Fri, 02 Mar 2012 15:04:14 +0100
  • Message-id: <jiqk0t$n91$>
Jim Henderson wrote:

On Fri, 02 Mar 2012 13:23:13 +0000, Dave Howorth wrote:

There's been a huge amount of discussion in this thread about many
different use cases. But I don't think requirements analysis is
really the difficult bit. I think Werner's right.

Does anybody have any concrete suggestion for how the system should
behave? (Or better yet, some code to implement it! :)

I suggested that there be a few security profiles - a low security,
medium security, and high security profile.

Along with a tool that's easy to use to tweak the policykit policies
in the event that one of the presets doesn't meet the needs precisely

Purely a tangent here, but at least security policy related - a while
ago, I created a FATE request suggesting we alter the default settings
in the GUI to 1) always enable to screen-saver, 2) always require
password when locked and 3) prevent the user from disabling the screen
saver. It wasn't met with great approval :-(

Default to the medium security profile. Let the user pick an option
at install time, and give them a YaST module to change it if it's too
restrictive (or not restrictive enough).

The user should be able to see what the policy currently lets them do.


Per Jessen, Zürich (15.1°C)

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups