Hello all,

Stef Walter [2020-04-02 12:54 +0200]:
> > It doesn't, and we can certainly discuss whether to enable it by default. I
> > will circle back to Steve and check that requirement.
>
> Hmmm. I don't understand why we would do that.
>
> The security expectation is that any UI (such as GNOME or Windows) where
> a terminal and/or browser are shown have a lock screen.
>
> Why would each session in a terminal or browser need to implement
> locking themselves?

As far as I understood it: Because it's another security boundary. In almost
every case, the Cockpit page has different or more credentials than the rest of
the desktop session. It's effectively an open root shell (→ sudo tickets
usually time out after 10 or 15 mins by default), or even a shell on a remote
system. So it's similar to why e.g. bank web sites log you out after a few
minutes of inactivity.

I'm actually mildly in favor of keeping the locking by default, but if there
are good arguments to *not* lock by default, I can certainly be convinced. As I
said, I'd first like to circle back with Steve whether not locking by default
is acceptable for CC certification.

> And even if so, why would it be a default? Can we make Cockpit not log
> out by default, while still providing the option to configure it?

Technically yes, of course.

Martin
