http://qa.mandrakesoft.com/show_bug.cgi?id=3789
------- Additional Comments From [EMAIL PROTECTED] 2003-26-06 12:53 -------

I notice that you continue to speak of an "increase" in security, as opposed to taking a further security measure. Instead of thinking of security as a matter of degree, think of it as sets of measures that can be taken, depending on the circumstances.

It is immaterial whether it's called, or in the exact form of, a "question tree". The number of questions should be small. I listed four possibilities above. Sure, five max. sounds good to me.

Few people "like" to fill in questionnaires. But I like less finding that my newly-installed system is not usable for my purposes, and having to do searches for what might be causing the problem, read through a lot of documentation, and make guesses, to fix it. It seems to me that the configuration dialogs for msec are very much like very long questionnaires, with questions that many users would find very hard to understand.

Some of the issues I mentioned cannot be answered by the setup program itself. For instance, only the user knows whether other people are going to have access to the console, and how trustworthy they are. Such issues are germane to security setup, so it would be good for msec to obtain this information from the user.

For me, this is not a small matter. Msec issues remain my worst problem with this release.

--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: NEW
creation_date:
description:

I have a problem with the notion that system security is so simple it can be described by a single number, 0 - 5. I run my desktop machine heavily as a single user in an apartment where I live alone, and I run the machine as a web server. Level 4 won't let me run my server, but level 5 does all sorts of bad things to me as a user! Msec wants to time-out my terminal sessions as though somebody were going to walk by and see some vital information. It locks my primary user out of vital services. It won't let me log in as root. (granted, some of these are just bugs in the ability to re-configure the settings, but they're wrong to begin with).

I propose that you re-think your security criteria. As a suggestion, consider asking several questions, such as:

Degree of access to console: (1 person, a few trusted people, a few untrustworthy people, anybody)
Internet exposure (none, behind a firewall, direct)
Servers (none, or list)
Importance of info (unimportant, personal, highly desirable financial records...)

Some options shouldn't be possible: for example, a machine containing personal information shouldn't have its console available to just anybody.

Based on a small number of questions, a reasonable security scheme can be worked out. But I don't think a few "security levels" can capture the complexity of the problem.
