Miloslav Trmač (m...@volny.cz) said: 
> There are two ways to avoid this limitation and get better security: either
> be a security expert or paranoid yourself (and in that case you don't need
> anaconda's handholding), or have an expert (that you trust or have to
> listen to) make an informed choice for you.

Sure. Leaving out the first case (IMO, those that can write their own SCAP
policy know how to apply it), let's look at the second.

By deferring to an expert, you're saying that the end user does not know
enough to make a coherent decision on the individual points.  This works in
a larger-scale enterprise use, because those users are expected to just
defer to the corporate policy where someone has decided what sort of machine
you have, and what the expected policy for that is.

Now take the general case of all interactive installs. If we accept that the
end user, in general, does not have the expertise to decide on the details
of the security policy, how does exposing it in the installer in this way
help?  You'd need a much more clearly defined description of the policies,
delineation of them by use cases, and so on - speak to the user in terms that
they understand. Having it done by URLs (hey, are we checking the
certificate on that https server?), or by a low/medium/high distinction
doesn't appear to be the right paradigm.

Bill
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
