On Tue, Nov 13, 2012 at 10:26:28AM -0500, Steve Grubb wrote:
> With name = value, the vulnerability would likely be in the compiled code
> and the compliance check would pass. In this case the settings are
> verifiably correct because the config file is not changed and part of the
> compliance check usually involves running the OVAL content the Red Hat
> security response team generates which checks the rpm version.

This discussion seems significantly beyond "remove polkit from core". I had
seen the announcement about JavaScript in Polkit and kinda shrugged -- not
my ideal as a sysadmin, but, I thought, whatever.

The concerns you raise go beyond the preferences of sysadmins (who, I think,
as a rule prefer key-value config files to complex ones). Of course, Fedora
isn't (at least, not right now) targeted at the high-security situations
you describe, but our major downstream consumer sure is. What (if anything)
should Fedora do here? What are our options?


-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mat...@fedoraproject.org>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
