Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Fri, 02 Mar 2012 15:04:14 +0100
  • Message-id: <jiqk0t$n91$1@saturn.local.net>
Jim Henderson wrote:

On Fri, 02 Mar 2012 13:23:13 +0000, Dave Howorth wrote:

There's been a huge amount of discussion in this thread about many
different use cases. But I don't think requirements analysis is
really the difficult bit. I think Werner's right.

Does anybody have any concrete suggestion for how the system should
behave? (Or better yet, some code to implement it! :)

I suggested that there be a few security profiles - a low security,
medium security, and high security profile.

Along with a tool that's easy to use to tweak the policykit policies
in the event that one of the presets doesn't meet the needs precisely
enough.

Purely a tangent here, but at least security policy related - a while
ago, I created a FATE request suggesting we alter the default settings
in the GUI to 1) always enable to screen-saver, 2) always require
password when locked and 3) prevent the user from disabling the screen
saver. It wasn't met with great approval :-(

Default to the medium security profile. Let the user pick an option
at install time, and give them a YaST module to change it if it's too
restrictive (or not restrictive enough).

The user should be able to see what the policy currently lets them do.

+1


--
Per Jessen, Zürich (15.1°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups