On Thursday 13 January 2011 17:12:58 Per Jessen wrote:
Jos Poortvliet wrote:
On Thursday 13 January 2011 08:05:35 Per Jessen wrote:
Greg Freemyer wrote:
On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega
<cmorve69@yahoo.es> wrote:
2011/1/12 Greg Freemyer <greg.freemyer@gmail.com>:
And it left me wondering if openSUSE has a plan related to capabilities. Apparently some of the distros are moving to it rapidly in an effort to eliminate SUID programs, but there may be security holes in the new concept too, so it's pretty up in the air.
And my other question is where do project level design concepts like this get discussed?
That looks more like a technical discussion which seems very appropriate.
But in this case I was hoping for a statement of direction.
ie. "The openSUSE community has decided to restrict the use of SUID by switching to Linux Capabilities instead and is targeting the 12.0 release to have no SUID programs included in the release." would be a statement of direction.
That would require leadership, foresight and planning.
Or just someone who feels like taking this on. THEN such a statement could be produced.
Hi Jos,
Not in my opinion. Unless empowered to do so, no arbitrary person can make such fundamental decisions and claim "the project has decided". That's called anarchy - maybe that is what we have at the moment?
I admit it's a bit more complicated than what I wrote, yes :D The usual community process is probably something like - there is a team responsible for some area and if they have made a decision a statement could be made. IF such a statement is made depends on them thinking about that or not... So in this case, if the people in the openFATE entry decide this is something that has to be done and some are willing to work on it, I guess it might make sense to get out a statement like Greg wrote.
/Per