On Thursday 13 January 2011 19:05:58 Greg Freemyer wrote:
On Thu, Jan 13, 2011 at 11:23 AM, Jos Poortvliet
On Thursday 13 January 2011 17:12:58 Per Jessen
Jos Poortvliet wrote:
On Thursday 13 January 2011 08:05:35 Per Jessen
> Greg Freemyer wrote:
>> On Wed, Jan 12, 2011 at 3:51 PM, Cristian Morales Vega
>> <cmorve69(a)yahoo.es> wrote:
>>> 2011/1/12 Greg Freemyer <greg.freemyer(a)gmail.com>:
>>>> And it left me wondering if openSUSE has a plan related to
>>>> capabilities. Apparently some of the distros are moving to it
>>>> rapidly in an effort to eliminate SUID programs, but there may be
>>>> security holes in the new concept too, so it's pretty up in the
>>>> And my other question is where do project level design concepts
>>>> like this get discussed?
>> That looks more like a technical discussion which seems very
>> But in this case I was hoping for a statement of direction.
>> i.e. "The openSUSE community has decided to restrict the use of SUID
>> by switching to Linux Capabilities instead and is targeting the
>> 12.0 release to have no SUID programs included in the release."
>> would be a statement of direction.
> That would require leadership, foresight and planning.
Or just someone who feels like taking this on. THEN such a statement
could be produced.
Not in my opinion. Unless empowered to do so, no arbitrary person can
make such fundamental decisions and claim "the project has decided".
That's called anarchy - maybe that is what we have at the moment?
I admit it's a bit more complicated than what I wrote, yes :D
The usual community process is probably something like - there is a team
responsible for some area and if they have made a decision a statement
could be made. IF such a statement is made depends on them thinking
about that or not...
So in this case, if the people in the openFATE entry decide this is
something that has to be done and some are willing to work on it, I
guess it might make sense to get out a statement like Greg wrote.
Maybe I don't know where to look, but even when decisions are made,
they tend not to be known to the community. Maybe you can help with
Any way I can, but I'm no superhero ;-)
Anyway, I watch the packaging list and every once in a
will ask about a rpmlint error they just started getting and the
answer is that the project has made a "direction" decision and is
using rpmlint to enforce it.
I have no issue with rpmlint being used this way, but I do think there
should be some way to keep up with these things other than being hit
over the head by rpmlint.
Agreed, those involved should probably document such things and of course
discuss it in public. As I can't keep an eye on all of openSUSE (and don't
think I should), it'd be great if you could discuss such things with the
people involved. If you get stuck that way, bringing it up on -project seems
like the right thing to do.
We'll all have a responsibility in this: if something that should be public
wasn't done in public, we should bring it up with those involved, discuss it
with them and try and ensure we'll do better in the future. Meanwhile, of
course, we should try and work with what we have ;-)