Re: selinux??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26 January 2016 at 16:57, bruce <badouglas@xxxxxxxxx> wrote:
> What the Heck???
>
> So.. people who think/decide to just disable seLinux, instead of
> diving in to "learn" it are just lazy????  Lord.. shaking my head..
>
> How about.. some might be lazy..
>
> Or, some have a bunch of different things to get accomplished, and
> aren't looking to be a sysAdmin, so they want to (if possible) get to
> the quickest way of getting their "project" working/tested.. And if
> the "security/process" of X (in this case selinux) is in the way.. The
> learning required to implement that gets shoved back. It's a
> prioritization process for a bunch of people.
>
> You have a limited amount of resources, you priortize and keep going.
> And yeah, you realize that you might be cutting corners re security,
> but you keep going.
>
> And before people say, "you need to learn security, or you shouldn't
> be writing apps!!".. not going to happen.
>
> Implementing "good" secutiry, doesn't happen by spending a few hours
> on a few sites. You eventually run into issues that "need to be
> solved", etc.. which then adds time/effort/resources. And rightly so,
> this is why you have skilled sysAdmin resources. But smaller projects
> don't have the resources for this process.. so it becomes a matter of
> prioritization/resource allocation..
>
> And I say again.. I've been willing to pay hard $$$ for someone
> willing to work with me on security.. No takers..!!!
>

If you're really interested in that then it would be better to
actually advertise.

The central point here, you seem to be arguing that you should disable
all security because you don't have time to learn it and it's
difficult. But I bet you don't plan to just make everything on the
machine world writable and turn off the firewall. Things like SELinux
are actually there to help you. They can't make you do things like
properly encrypt user logins, but they can reduce the risk it's going
to matter. What I've been trying to say is leave it on and there are
plenty of people that can give you advice if you run into problems.

And yes, there are people that should not write apps if they aren't
going to bother with security. If you're not from the UK then search
google for Talktalk hacked, or imagine what would happen if people
could get at your uber account details. Failing to protect user data
properly over here (UK) can attract serious fines.

-- 
imalone
http://ibmalone.blogspot.co.uk
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux