SELinux removed from desktop cd spin?

Douglas McClendon dmc.fedora at filteredperception.org
Thu Jan 17 04:35:07 UTC 2008


jam at zoidtechnologies.com wrote:
> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
>> Hi,
>> I believe that SELinux is a great linux server security hardening tool
>> but that has little use in desktop linux usage and it confuses
>> ordinary desktop users.
>> If it hasn't been discussed before I would like to propose that on
>> desktop cd spin SELinux is not installed by default, of course after
>> discussion and approval from you (fedora devels).
>>
>>
>> Cheers,
>> Valent
>>
> 
> -1
> 
> selinux should most definitely *remain* in the desktop spin and *all* of the
> fedora spins because it drastically increases the security of the box in
> question.
> 
> hopefully all the replies to this thread agree with me.

<rant>

I wish I could say that I'm sorry to crush your hopes, but I'm really 
not.  Despite what I've said in the past, I have the utmost respect for 
selinux and security.  But what I don't have any respect for is people 
of your mind, who myopically just see "increased security".  People who 
view security that way IMO contribute to some of the worst cancers 
against humanity.

This is just standard rhetoric that I shouldn't be wasting my time 
repeating here, but security is ALWAYS a balance and a tradeoff against 
other *values*, and never an absolute.

When selinux is the right tool for the job, bringing a greater benefit 
to the system at hand than the costs involved with using it, then great. 
But to claim that it should remain in "*all* of the fedora spins" is 
IMO utterly wrong, and a narrow vision of what fedora could be useful 
for.  There are times and applications where selinux is JUST NOT WORTH 
IT.  I'm not saying it's the majority of the time, or even >1%.  But if 
fedora is (to be) used in tens of millions of systems, 1% of that is 
actually a *significant* number.

If only I could waterboard the fuck out of all the loyal bushies that 
see "national security" as the *only* value to be measured when making a 
decision.

There are times when you let innocent people die and get hurt by 
terrorists, because the values sacrificed in making a decision that 
could and does stop the terrorists, are MORE IMPORTANT than a narrow 
short term view of "national security".

I sincerely hope that what I've said will cause you to think a little 
more before uttering "I hope everyone agrees with me that more security 
is always better" again.  But I welcome you to crush my hopes as I've 
just crushed yours.

</rant>

-dmc



