Re: policies for access to local resources
On Thu, Apr 01, 2004 at 02:38:04PM +0200, Wichert Akkerman wrote:
> This is largely orthogonal to the current issue, but it would be nice if
> d-i had a 'select machine type' option where people could select between
> 'private machine on private network', 'shared machine with trusted
> users', 'shared machine with untrusted users', 'server' or something
> similar which would affect:
> * default firewall (block/allow all incoming connections)
> * package selection (do/don't install pam_console for example)
You're right that this is largely orthogonal to the current issue.
However, I do not think it's largely orthogonal to the solution space we
need to be addressing to resolve this local resources issue. This issue
came up at least in part because of our current approach to security
administration and machine configuration.
It would probably be appropriate to issue some longer-term advice in
addition to any recommendations on pam_console.