Sender: |
|
Date: |
Tue, 5 Nov 2013 13:25:29 +1100 |
Reply-To: |
|
Subject: |
|
From: |
|
Content-Type: |
multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="5eRtONS2bDrMImhXP7VwukXrvQWL04Lap" |
In-Reply-To: |
|
MIME-Version: |
1.0 |
Comments: |
|
Parts/Attachments: |
|
|
On 5/11/2013 7:12 AM, Connie Sieh wrote:
> On Mon, 4 Nov 2013, Stephan Wiesand wrote:
>
>> I'd like to humbly express my disapproval of habitually placing each
>> and every SELinux policy "enhancement" in the security tree. These
>> updates are rather expensive in terms of system resources, likely to
>> aid a very very small percentage of SL users only (who could just as
>> well get them from fastbugs if they're even aware of an issue
>> addressed), and have a significant potential of breaking things for
>> all the others.
>>
>> And there's at least one clear mistake in the change note, and two
>> places making me wonder whether they're correct, and all three
>> paragraphs fail to make it clear to me what actual problem is solved
>> by deploying this update. None of this makes me quite confident in the
>> QA process this change went through. Which is why I'd much rather
>> deploy it only in the course of a minor release update, or if there'd
>> be a security flaw fixed, or if I knew it fixes a bug actually biting me.
>>
>
>> Am I the only one feeling that way?
>
> Lets start a discussion on this.
Do many people use SELinux in the enforcing mode?
While I'm a bit old school, I don't know many people who even have
SELinux in permissive mode - let alone enforcing...
--
Steven Haigh
Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
|
|
|