As mentioned earlier, I had some questions / queries regarding the
requirements for the proposed packages. Sending them here for
Kento Yoshida <kento.yoshida.wz@...> writes:
Requirements_for_proposal_SecurityWG_rev03.xlsx: the same file which I've already sent before to explain the requirement in the standard* sudo-ldap
Is there a specific requirement to include sudo-ldap in favour of plain
sudo? IIUC, sudo is a minimal dependency version while ldap requires
additional packages to be available.
Based on the listed requierments, it is not clear why ftp and ssh
clients are needed. Can you please clarify the requirements' text to
motivate inclusion of the client binaries as well.
From my understanding, the package enables login using public / private
keys. But the requirements talk about enforcing the strength of
"A minimum strength of used passwords needs to be enforced."
Possibly a mixup of package and requirements?
I think libtss2-esys0 is mistakenly included as explicit requirement. It
seems to be a dependency of tpm2-abrmd and will get pulled in
automatically as per my understanding.
It’s not clear how the package is related to the requirement -
"Account Identifier shall be unique on a component or system wide
level. Protection of relevant information in rest and transit shall
Can you add more details to the requirement to clarify this?