On 04/11/13 20:12, Connie Sieh wrote:
> On Mon, 4 Nov 2013, Stephan Wiesand wrote:
>
>> I'd like to humbly express my disapproval of habitually placing each
>> and every SELinux policy "enhancement" in the security tree. These
>> updates are rather expensive in terms of system resources, likely to
>> aid a very very small percentage of SL users only (who could just as
>> well get them from fastbugs if they're even aware of an issue
>> addressed), and have a significant potential of breaking things for
>> all the others.
>>
>> And there's at least one clear mistake in the change note, and two
>> places making me wonder whether they're correct, and all three
>> paragraphs fail to make it clear to me what actual problem is solved
>> by deploying this update. None of this makes me quite confident in the
>> QA process this change went through. Which is why I'd much rather
>> deploy it only in the course of a minor release update, or if there'd
>> be a security flaw fixed, or if I knew it fixes a bug actually biting me.
>>
>
>> Am I the only one feeling that way?
>
> Lets start a discussion on this.

All of the systems I manage run with SELinux in enforcing mode.