On 26 January 2016 at 16:57, bruce <badouglas@xxxxxxxxx> wrote: > What the Heck??? > > So.. people who think/decide to just disable seLinux, instead of > diving in to "learn" it are just lazy???? Lord.. shaking my head.. > > How about.. some might be lazy.. > > Or, some have a bunch of different things to get accomplished, and > aren't looking to be a sysAdmin, so they want to (if possible) get to > the quickest way of getting their "project" working/tested.. And if > the "security/process" of X (in this case selinux) is in the way.. The > learning required to implement that gets shoved back. It's a > prioritization process for a bunch of people. > > You have a limited amount of resources, you priortize and keep going. > And yeah, you realize that you might be cutting corners re security, > but you keep going. > > And before people say, "you need to learn security, or you shouldn't > be writing apps!!".. not going to happen. > > Implementing "good" secutiry, doesn't happen by spending a few hours > on a few sites. You eventually run into issues that "need to be > solved", etc.. which then adds time/effort/resources. And rightly so, > this is why you have skilled sysAdmin resources. But smaller projects > don't have the resources for this process.. so it becomes a matter of > prioritization/resource allocation.. > > And I say again.. I've been willing to pay hard $$$ for someone > willing to work with me on security.. No takers..!!! > If you're really interested in that then it would be better to actually advertise. The central point here, you seem to be arguing that you should disable all security because you don't have time to learn it and it's difficult. But I bet you don't plan to just make everything on the machine world writable and turn off the firewall. Things like SELinux are actually there to help you. They can't make you do things like properly encrypt user logins, but they can reduce the risk it's going to matter. What I've been trying to say is leave it on and there are plenty of people that can give you advice if you run into problems. And yes, there are people that should not write apps if they aren't going to bother with security. If you're not from the UK then search google for Talktalk hacked, or imagine what would happen if people could get at your uber account details. Failing to protect user data properly over here (UK) can attract serious fines. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
