Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/17/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> Mikkel L. Ellertson wrote:
>
> > Granted, the tools for SELinux are not as mature as the firewall
> > tools, but does that mean we throw out SELinux instead of improving
> > the tools?
>
> No one is arguing that it should necessarily be thrown out. But, should
> people be using it without understanding it?

Yes, people are arguing that. And if i remember right, you were
argueing right along side them last time this came up.

> > I have seen the same kind of arguments about just about every major
> > change. I remember people complaining about udev, and what was wrong
> > with using the standard /dev setup. I heard it about the change to
> > IPTables. I have heard it about HAL. Way too many of them boil down
> > to I know how the old system works, so why should I learn about this
> > new way of doing things.
>
> It's not just a matter of learning new things, and even if it were, that
> would boil down to large sums of money in any business context.  Think
> about upgrading a large farm of servers that have multiple network
> connections and the upgrade OS version detects the eth? devices in a
> different order (real example, by the way...).  Now you need the staff
> at each location to either relocate the cables to match or edit a vast
> number if ifcfg-eth? files after they somehow figure out what's
> connected where.
>
>  > I am happy with the way things are working
> > now. Don't change things and make me learn a new method. I don't
> > care if this new method has advantages over the one I know.
>
> Try it this way: there's been 30 years of work aggregating and improving
> with the old assumptions. That's why we like unix-like systems.  Do you
> want to throw that out on the chance that an untested new idea might be
> better?

So umm, who suggesting throwing it out?

> > Now, some of the new things are not going to work out, or in trying
> > to implement them, a better way may present itself. But if nobody is
> > willing to try the new methods, and work out the bugs that are
> > always going to crop up when trying something new, then there will
> > not be any progress.
>
> Research is always a good idea but most people want the testing to be
> done before the new thing goes into production.

And so the ability to disable SELinux was invented.

-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux