On Thu, 5 Mar 2015 09:56:41 -0600 Chris Adams <li...@cmadams.net> wrote:
> Once upon a time, Adam Jackson <a...@redhat.com> said: > > False. It's entirely reasonable for a product to mandate an > > appropriate security policy, so until and unless we move account > > creation entirely to firstboot, it's something the installer will > > have to expose. > > The installer should not enforce a policy that does not match the > installed system. AFAIK the "passwd" command will still let root use > any password (with just a warning), so the installer should do the > same. > > It sounds like that's the decision FESCo approved. No. The decision was that we need a better overall policy/story instead of all the different parts doing their own thing and causing just the above thing you note. Would you like to help gather information and draft some policy? ;) IMHO, it would need to gather in: * sshd policy * passwd policy * policykit * sudo * anaconda * gnome-keyring? * DMs? * tons of other stuff I am likely not thinking of. Ideally we could have a base policy, then perhaps some changes/differences for the various products. Also a way, much like the recent ssl cert stuff to change the policy in one place instead of 50. kevin
pgpwbb3ZcemoF.pgp
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
