Expectation Management for Test Releases
Jeremy Katz
katzj at redhat.com
Wed Apr 21 03:28:09 UTC 2004
On Tue, 2004-04-20 at 18:01, Gene C. wrote:
> So, my question: For FC2 final (and really Test3 also), should those of us
> interested in selinux and willing to put up with some problem continue to
> install it enabled? If policy is going to be redesigned, is this worth the
> effort. Naturally, any bugs found in FC2T3 would be reported but I am not
> sure anyone will have time to address them. Furthermore, if the plan is to
> redesign things post FC2 (planned for FC3 I assume), little attention will be
> given to bugs in this old mechanism.
Yes, we very much strongly encourage those who are very interested in
SELinux and comfortable enough to work with it to continue installing
with it enabled and in enforcing mode as well as continue to help us
work out the problems as they're discovered. That's why we're leaving
the possibility of enabling it there.
It's just that it's not ready for the masses to consume yet, and in
doing so, we'd just end up with a Fedora Core release that was less
stable and with many apparent bugs due to SELinux. We'll probably go
through this again with FC3 where I plan to return things to enforcing
by default in the development tree very soon after the release of FC2.
As far as redesign of policy, there's discussion around developing a
less strict policy, ie, one that allows users in general to do things
but takes the approach of locking down specific services. But the hope
is to do this in such a way that you can trivially switch back and forth
between the policies with a simple toggle and thus any testing on the
stricter policy we have now will still be quite useful. Think of it
along the lines of the old Medium vs High firewall distinction.
Jeremy
More information about the fedora-test-list
mailing list