Re: [opensuse-project] Does openSUSE have an opinion of "Linux capabilities"?
On Thursday 13 January 2011 17:12:58 Per Jessen wrote:
Jos Poortvliet wrote:
On Thursday 13 January 2011 08:05:35 Per Jessen wrote:
Greg Freemyer wrote:
On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega
<cmorve69@yahoo.es> wrote:
2011/1/12 Greg Freemyer <greg.freemyer@gmail.com>:
And it left me wondering if openSUSE has a plan related to capabilities. Apparently some of the distros are moving to it rapidly in an effort to eliminate SUID programs, but there may be security holes in the new concept too, so it's pretty up in the air.
And my other question is where do project level design concepts like this get discussed?
That looks more like a technical discussion which seems very appropriate.
But in this case I was hoping for a statement of direction.
ie. "The openSUSE community has decided to restrict the use of SUID by switching to Linux Capabilities instead and is targeting the 12.0 release to have no SUID programs included in the release." would be a statement of direction.
That would require leadership, foresight and planning.
Or just someone who feels like taking this on. THEN such a statement could be produced.
Hi Jos,
Not in my opinion. Unless empowered to do so, no arbitrary person can make such fundamental decisions and claim "the project has decided". That's called anarchy - maybe that is what we have at the moment?
I admit it's a bit more complicated than what I wrote, yes :D The usual community process is probably something like - there is a team responsible for some area and if they have made a decision a statement could be made. IF such a statement is made depends on them thinking about that or not... So in this case, if the people in the openFATE entry decide this is something that has to be done and some are willing to work on it, I guess it might make sense to get out a statement like Greg wrote.
/Per
On Thu, Jan 13, 2011 at 11:23 AM, Jos Poortvliet <jospoortvliet@gmail.com> wrote:
On Thursday 13 January 2011 17:12:58 Per Jessen wrote:
Jos Poortvliet wrote:
On Thursday 13 January 2011 08:05:35 Per Jessen wrote:
Greg Freemyer wrote:
On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega
<cmorve69@yahoo.es> wrote:
2011/1/12 Greg Freemyer <greg.freemyer@gmail.com>:
> And it left me wondering if openSUSE has a plan related to
> capabilities. Apparently some of the distros are moving to it
> rapidly in an effort to eliminate SUID programs, but there may be
> security holes in the new concept too, so it's pretty up in the air.
>
> And my other question is where do project level design concepts like
> this get discussed?
That looks more like a technical discussion which seems very appropriate.
But in this case I was hoping for a statement of direction.
ie. "The openSUSE community has decided to restrict the use of SUID by switching to Linux Capabilities instead and is targeting the 12.0 release to have no SUID programs included in the release." would be a statement of direction.
That would require leadership, foresight and planning.
Or just someone who feels like taking this on. THEN such a statement could be produced.
Hi Jos,
Not in my opinion. Unless empowered to do so, no arbitrary person can make such fundamental decisions and claim "the project has decided". That's called anarchy - maybe that is what we have at the moment?
I admit it's a bit more complicated than what I wrote, yes :D
The usual community process is probably something like - there is a team responsible for some area and if they have made a decision a statement could be made. IF such a statement is made depends on them thinking about that or not...
So in this case, if the people in the openFATE entry decide this is something that has to be done and some are willing to work on it, I guess it might make sense to get out a statement like Greg wrote.
Jos,
Maybe I don't know where to look, but even when decisions are made, they tend not to be known to the community. Maybe you can help with that.
Anyway, I watch the packaging list and every once in a while, someone will ask about a rpmlint error they just started getting and the answer is that the project has made a "direction" decision and is using rpmlint to enforce it.
I have no issue with rpmlint being used this way, but I do think there should be some way to keep up with these things other than being hit over the head by rpmlint.
Greg
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-project+help@opensuse.org
Greg Freemyer wrote:
Jos,
Maybe I don't know where to look, but even when decisions are made, they tend not to be known to the community.
At least not until they are a fait accompli, and then we (the community) are often sat there wondering where that came from.
--
Per Jessen, Zürich (9.4°C)
On Thursday 13 January 2011 19:05:58 Greg Freemyer wrote:
On Thu, Jan 13, 2011 at 11:23 AM, Jos Poortvliet
<jospoortvliet@gmail.com> wrote:
On Thursday 13 January 2011 17:12:58 Per Jessen wrote:
Jos Poortvliet wrote:
On Thursday 13 January 2011 08:05:35 Per Jessen wrote:
Greg Freemyer wrote:
On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega
<cmorve69@yahoo.es> wrote:
> 2011/1/12 Greg Freemyer <greg.freemyer@gmail.com>:
>> And it left me wondering if openSUSE has a plan related to
>> capabilities. Apparently some of the distros are moving to it
>> rapidly in an effort to eliminate SUID programs, but there may be
>> security holes in the new concept too, so it's pretty up in the
>> air.
>>
>> And my other question is where do project level design concepts
>> like this get discussed?
>
> https://features.opensuse.org/307254
That looks more like a technical discussion which seems very appropriate.
But in this case I was hoping for a statement of direction.
ie. "The openSUSE community has decided to restrict the use of SUID by switching to Linux Capabilities instead and is targeting the 12.0 release to have no SUID programs included in the release." would be a statement of direction.
That would require leadership, foresight and planning.
Or just someone who feels like taking this on. THEN such a statement could be produced.
Hi Jos,
Not in my opinion. Unless empowered to do so, no arbitrary person can make such fundamental decisions and claim "the project has decided". That's called anarchy - maybe that is what we have at the moment?
I admit it's a bit more complicated than what I wrote, yes :D
The usual community process is probably something like - there is a team responsible for some area and if they have made a decision a statement could be made. IF such a statement is made depends on them thinking about that or not...
So in this case, if the people in the openFATE entry decide this is something that has to be done and some are willing to work on it, I guess it might make sense to get out a statement like Greg wrote.
Jos,
Maybe I don't know where to look, but even when decisions are made, they tend not to be known to the community. Maybe you can help with that.
Any way I can, but I'm no superhero ;-)
Anyway, I watch the packaging list and every once in a while, someone will ask about a rpmlint error they just started getting and the answer is that the project has made a "direction" decision and is using rpmlint to enforce it.
I have no issue with rpmlint being used this way, but I do think there should be some way to keep up with these things other than being hit over the head by rpmlint.
Agreed, those involved should probably document such things and of course discuss it in public. As I can't keep an eye on all of openSUSE (and don't think I should), it'd be great if you could discuss such things with the people involved. If you get stuck that way, bringing it up on -project seems like the right thing to do. We'll all have a responsibility in this: if something that should be public wasn't done in public, we should bring it up with those involved, discuss it with them and try and ensure we'll do better in the future. Meanwhile, of course, we should try and work with what we have ;-)
Greg
cheers, Jos
Participants (3): Greg Freemyer, Jos Poortvliet, Per Jessen