selinux eradicator?

Rahul Sundaram sundaram at fedoraproject.org
Fri Jun 29 01:29:47 UTC 2007 

Mike McCarty wrote:

> What they show is that there are provable DISadvantages. No amount
> of weighing advantages on one side vs. disadvantages on the other
> is going to amount to proof of whether any individual person should
> or should not use it.

No but you argument was that the advantages are merely conjecture and 
that is very clearly false.

  > Partially, my point is that any time one modifies any package, no
> matter for what reason, there is the opportunity to introduce
> defects. 

This is a generic argument and you can apply it to any piece of code and 
indeed against new development.  These overtly generic arguments bring 
nothing useful to the discussion.

> You expressed faith, which is purely personal. How else am I to comment?
> Keep your own comments technical, and you won't evoke such kinds of
> responses.

No my comments were purely technical and had technical references and 
had nothing to do with faith.  We aren't talking about religion here.

> I'm not lobbying for anyone to remove it. I'm not trying to convince
> anyone that it's a bad thing. I'm lobbying for people to have a CHOICE
> whether to install it, without also having to exercise the choice to
> use a different distro. I thinks that's only reasonable.

You do have a choice not to use SELinux if it is not wanted by you which 
is reasonable. Not being able to install every small libraries is not 
really worth the effort. Like I said there are several core libraries 
which cannot be easily removed from Fedora.

Last I heard you were running Fedora Core 2 which has only strict policy 
disabled by default and you were not planning to move to any new version 
of Fedora. So any new development and choice is a theoretical benefit 
for anyone who has no practical experience with SELinux but if you 
consider the advantages of saving a few kilobytes worth the effort, talk 
to the SELinux developers, understand the best way to split up the 
packages (hint: this is pretty difficult to do and there has been past 
discussions on this that you can refer to first) and send patches.  That 
would much more reasonable that theoretical discussions.

Rahul

More information about the fedora-list mailing list