SELinux removed from desktop cd spin?

Andrew Farris lordmorgul at gmail.com
Thu Jan 17 05:48:06 UTC 2008 

Douglas McClendon wrote:
> <rant>
> 
> I wish I could say that I'm sorry to crush your hopes, but I'm really 
> not.  Despite what I've said in the past, I have the utmost respect for 
> selinux and security.  But what I don't have any respect for is people 
> of your mind, who myopically just see "increased security".  People who 
> view security that way IMO contribute to some of the worst cancers 
> against humanity.
> 
> This is just standard rhetoric that I shouldn't be wasting my time 
> repeating here, but security is ALWAYS a balance and a tradeoff against 
> other *values*, and never an absolute.

Sounds like politically charged nonsense, not rhetoric related to computer security.

> When selinux is the right tool for the job, bringing a greater benefit 
> to the system at hand than the costs involved with using it, then great. 
>  But to claim that it should remain in "*all* of the fedora spins" is 
> IMO utterly wrong, and a narrow vision of what fedora could be useful 
> for.  There are times and applications where selinux is JUST NOT WORTH 
> IT.  I'm not saying it's the majority of the time, or even >1%.  But if 
> fedora is (to be) used in tens of millions of systems, 1% of that is 
> actually a *significant* number.
> 
> If only I could waterboard the fuck out of all the loyal bushies that 
> see "national security" as the *only* value to be measured when making a 
> decision.

Humanity and liberty are so important to you that you want to torture people 
(and evidently not to gather information because you know it already).  Clearly 
we're learning something here.

> There are times when you let innocent people die and get hurt by 
> terrorists, because the values sacrificed in making a decision that 
> could and does stop the terrorists, are MORE IMPORTANT than a narrow 
> short term view of "national security".

"Essential Liberty vs. Temporary Freedom".  Yes, liberty is important, but 
largely unrelated to whether you have selinux present in your favorite spin.

SELinux *should* be in every official Fedora spin, especially those to be used 
on networked computer systems.  But it should also be possible to turn it off 
and/or uninstall it, and be possible to build custom packages for embedded 
processing applications without it... but if I want an embedded linux with 
selinux enabled why shouldn't it be there available?

Choice (somehow related to Liberty in your rant) does not mean you get to choose 
what is present all the time, it means you get to choose whether to use it or 
not.  The presence of selinux does not infringe on your 'choice'.  The 
preference of one person to have it in all spins does not infringe on your 
'choice'.  More importantly, the desire of some to improve computer security 
around the globe does not prevent you from running open boxes with blank root 
passwords... the choice is yours how insecure you want it.

> I sincerely hope that what I've said will cause you to think a little 
> more before uttering "I hope everyone agrees with me that more security 
> is always better" again.  But I welcome you to crush my hopes as I've 
> just crushed yours.

SELinux can and very likely will protect computer systems for terrorist's use 
just as easily as anyone else, since it is 1) free, 2) available to the entire 
known universe; it therefore has nothing whatsoever to do with US national 
security in the context of your 'rhetoric' and poorly argued politics.

-- 
Andrew Farris <lordmorgul at gmail.com> <ajfarris at gmail.com>
  gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
----                                                                       ----

More information about the fedora-devel-list mailing list