Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, February 4, 2015 17:55, Warren Young wrote:
>
> But of course the same people fighting this move to more secure
> password minima are the same ones that turn off SELinux.
>

Ah. Sorry, NO.

First, we are not talking about a more secure password minima.  We are
discussing an arbitrary change made to an installer program that
adversely impacts usability and that only has a tenuous connection to
security on a production system. A change which assumes that people
installing RHEL systems lack the competence to alter system account
passwords subsequent to installation.

Second, while I have serious concerns with the delusions respecting
security that this fascination with 'strong' passwords evidences I do
not turn off SELinux on any of my production servers. Excepting one
which to date I have been unable to get to run the critical
(third-party) application it hosts with SELinux switched on (short of
a custom module which effectively gives http access to the whole host
anyway).  And that server is hardened against Internet access via
other means and only runs this one application.

You need to paint with a finer brush I think.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux