On 04/11/13 20:12, Connie Sieh wrote: > On Mon, 4 Nov 2013, Stephan Wiesand wrote: > >> I'd like to humbly express my disapproval of habitually placing each >> and every SELinux policy "enhancement" in the security tree. These >> updates are rather expensive in terms of system resources, likely to >> aid a very very small percentage of SL users only (who could just as >> well get them from fastbugs if they're even aware of an issue >> addressed), and have a significant potential of breaking things for >> all the others. >> >> And there's at least one clear mistake in the change note, and two >> places making me wonder whether they're correct, and all three >> paragraphs fail to make it clear to me what actual problem is solved >> by deploying this update. None of this makes me quite confident in the >> QA process this change went through. Which is why I'd much rather >> deploy it only in the course of a minor release update, or if there'd >> be a security flaw fixed, or if I knew it fixes a bug actually biting me. >> > >> Am I the only one feeling that way? > > Lets start a discussion on this. All of the systems I manage run with SELinux in enforcing mode.