On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega <cmorve69@yahoo.es> wrote:
2011/1/12 Greg Freemyer <greg.freemyer@gmail.com>:
And it left me wondering if openSUSE has a plan related to capabilities. Apparently some of the distros are moving to it rapidly in an effort to eliminate SUID programs, but there may be security holes in the new concept too, so it's pretty up in the air.
And my other question is where do project level design concepts like this get discussed?
That looks more like a technical discussion which seems very appropriate. But in this case I was hoping for a statement of direction. ie. "The openSUSE community has decided to restrict the use of SUID by switching to Linux Capabilities instead and is targeting the 12.0 release to have no SUID programs included in the release." would be a statement of direction. It seems high-level direction like this is only provided via rpmlint telling packagers that their packages are no longer accepted. Non-packagers have no idea. It seems there should at least be a wiki page that tracks these types of rpmlint enforced initiatives. Greg -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org