On Fri, Mar 14, 2014 at 03:56:47PM -0400, Eric H. Christensen wrote: > On Fri, Mar 14, 2014 at 07:45:53PM +0000, Matthew Garrett wrote: > > The failure mode of making the wrong choice regarding an encrypted > > partition or the default user being an administrator involves the system > > *continuing to work*. The failure mode of making the wrong choice > > regarding security policy is that things you expect to work mysteriously > > don't. > > What exactly do you think would be done with one of these policies? You seem > to think that an incorrect choice will brick a system.
If an incorrect choice means that the software the user wants to run won't run, that's going to be a problem for the user. And we presumably expect that some software won't run, because otherwise we'd be enabling that security feature by default? A user who accidentally installs a profile that enables FIPS compliance is going to have a bad time, for instance. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
