On 2013-11-04, at 21:12, Connie Sieh <[log in to unmask]> wrote:

> On Mon, 4 Nov 2013, Stephan Wiesand wrote:
> 
>> I'd like to humbly express my disapproval of habitually placing each and every SELinux policy "enhancement" in the security tree. These updates are rather expensive in terms of system resources, likely to aid a very very small percentage of SL users only (who could just as well get them from fastbugs if they're even aware of an issue addressed), and have a significant potential of breaking things for all the others.
>> 
>> And there's at least one clear mistake in the change note, and two places making me wonder whether they're correct, and all three paragraphs fail to make it clear to me what actual problem is solved by deploying this update. None of this makes me quite confident in the QA process this change went through. Which is why I'd much rather deploy it only in the course of a minor release update, or if there'd be a security flaw fixed, or if I knew it fixes a bug actually biting me.
>> 
> 
>> Am I the only one feeling that way?
> 
> Lets start a discussion on this.

Thanks Connie.

While the discussion shows that running with SELinux enabled isn't all that uncommon, it seems that I'm indeed the only one who'd rather not have the policy updates promoted from fastbugs to security without a known reason.

So, nevermind. Sorry for the rant.

	Stephan

-- 
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany