[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: "Many" happy selinux users nowadays

Andy Green wrote:
Somebody in the thread at some point said:

Andy Green wrote:


It's obviously up to you how you deal with that, but I strongly believe
that you can't inherently trust machines on any internal network any

My issues with SELinux are:

(1) it is wrong-headed
(2) it is pervasive
(3) it has defects, and always will

The additional "security" it offers to an already compromised
system is debatable. This thread proves it. That it causes

I value it for what it can do at the moment of the attempted compromise.

And I do not, since my setup is proably vastly different from yours.
I have a stand-alone desktop with no sensitive data on it, behind
a hardware firewall which has never let one bad guy in. I take steps
to prevent inadvertent code or malicious code execute on my machine.
I regularly look for signs of invasion. If I get compromised, then
I plan to use one of my frequent backups to recover DATA. The system
will be reloaded, not recovered.


I think the decision to include selinux is right... people will use it

Apparently it is for you. I support people being able to install
or not install software as THEY see fit.


to the spec file, or in extremis move to your own distro.  But I think
it won't gain much of a following to define the distro by removing a
feature rather than adding stuff.

I have no desire to control what other people put on their machines.
I have no desire to influence what other people put on their machines.
You like SELinux, fine. I don't want it. I support the choice to
install or not install, that's all.


I don't download and execute other people's programs.

The whole distro is full of other peoples' programs though.

Of course.

I don't permit Java or Javascript to run on my machine.

I don't permit my mailer to use links or to download images.

I must be pretty lax, Javascript is okay in a browser (not Thunderbird
though) and I will click on email links after hovering to see where they go.

No cookies on my machine, either. No internet cache, either. No stored
passwords. I won't characterize what you do as lax or not, since
I'm not aware of your needs and desires. Your security measures need
to be tailored to your configuration and your goals, not mine.

You have to mix in the level of grief to implement it.  For example
everyone keeps agreeing that the initscripts and especially shutdown can
be made MUCH better, but it's so frightening to take care of everything
with minimal breakage that somehow Fedora doesn't seem to get anywhere
with it (over years).

I don't know to what you refer.

There are a few projects around that replace the venerable "System V" --
it refers to some ancient Unix flavour AIUI -- initscripts.  This is the


Thanks for the explanation.

Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]