[systemd-devel] [EXT] Proposal to extend os-release/machine-info with field PREFER_HARDENED_CONFIG

Stefan Schröder stefan at tokonoma.de
Wed Feb 16 12:13:08 UTC 2022


Hello Ulrich, thank you for taking the time to read my proposal.

> Probably because "secure" isn't considered to be "comfortable" by a majority
> of users.

Indeed.

> I think os-release describes the operating system, not policies.

You are right. Perhaps machine-info would be a better fit than os-release.
 
> Wouldn't /etc/default/* be the place to look such things up?
 
I am not sure. Is /etc/default standard across distributions? AFAIK it's Debian-specific.
We should be looking to address this issue in a distribution-independent way, shouldn't we?
 
> You are saying: If we don't get THIS, we get NOTHING instead?
> I would disagree.

My point is that currently there is no way for an administrator/package maintainer to consistently and globally request/provide secure configuration settings as a default. If there is one (and since you disagree, there seems to be one) I'd like to learn more about it. Could you please post a link to some more information?

Best 
Stefan

