Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/etc



    Date:        Mon, 14 Jan 2019 11:59:51 +1100
    From:        matthew green <mrg%eterna.com.au@localhost>
    Message-ID:  <10889.1547427591%splode.eterna.com.au@localhost>

  | i don't agree with this.
  |
  | if we were going to make things easy for naive users

I didn't say "easy" for naive users, I said "most useful".   That might
mean "suitably secure" rather than "simply works" and is a different
discussion.

One possibility here, might be to make configuration classes,
like "laptop" "workstation" "server" (whatever we want) and
have different default configurations for different system types,
so while I certainly wouldn't let non-root be configuring my servers
in any way at all, I don't really want to be root in order to
configure my laptop (at least to decide which wireless SSID
it should connect to, or when wireless should be disabled
when I am on a plane).

We could also have different security levels, "locked down",
"adequate", "better than nothing", and "absent" and have
different default configurations for those as well.

And then it would be easy for sysint to ask the user which
type of system this is (it would often be able to intuit a
reasonable default from the config) and what level of
security they want, and set those at the the same time it
is setting rc_configured=YES.

Aside from working out exactly what the values for the
various configs should be for whatever different modes
we create, all of this is trivial.

kre



Home | Main Index | Thread Index | Old Index