[systemd-devel] [EXT] Proposal to extend os-release/machine-info with field PREFER_HARDENED_CONFIG
Stefan Schröder
stefan at tokonoma.de
Wed Feb 16 12:13:08 UTC 2022
Hallo Ulrich, thank you for taking the time to read my proposal.
> Probably because "secure" isn't considered to be "comfortable" by a majority
> of users.
Indeed.
> I think os-relesase describes the operating system, not policies.
You are right. Perhaps machine-info would be a better fit than os-release.
> Wouldn't /etc/default/* be the place to look such things up?
I am not sure. Is /etc/default standard across distributions? AFAIK it's Debian specific.
We should be looking to address this issue in a distribution independent way, shouldn't we?
> You are saying: If we don't get THIS, we get NOTHING instead?
> I would disagree.
My point is that currently there is no way for an administrator/package maintainer to consistently and globaly request/provide secure configuration settings as a default. If there is one (and since you disagree, there seems to be one) I'd like to learn more about it. Could you please post a link to some more information?
Best
Stefan
More information about the systemd-devel
mailing list