On Wed, 2006-09-20 at 18:10 +0100, Peter Farrow wrote: > > If selinux helps you, then use it. If it doesn't, then don't. No one > > is twisting your arm and forcing you at gunpoint to use it.... yet. > > The beauty of open source is that it's all about choice. Do what you > > want, so long as you're smart enough to do it. > > -- when really it should be an option to enable it, which a warning > that it wasn't tested for vulnerabilities, does not > add any official security value to Linux and will of course slow the > system down. Furthermore it adds a layer of > security obfuscation which will in itself lead to administrators > making mistakes and inadvertently lowering security > as it is such a PITA. ---- it is a PITA to those who make little or no effort to understand it. Good it is but an additional layer of security - nothing more and only less for those who make little or no effort to understand it and disable it. ---- > > Unices were configurable to be secure by many a competant > administrator before this addition of bloat to the OS. ---- unfortunately, not all of us possess your extreme skill set that ensures security so some of us welcome additional layers of security by spending the effort to learn it. ---- > I choose not to use it, but ocassionally on some of my RHEL installs I > forget to turn it off, > if it is off by default I wouldn't need to keep removing it! ---- you should contact upstream provider and convince them that you know better ---- > What I find most curious is, despite the authors of it claiming > nothing of any note about it in terms of security, > and in fact in the link I originally posted the authors go quite some > way to distance themselves from claiming > it adds any actual security, ---- that is your interpretation and I don't agree with your interpretation ---- > and hasn't been tested for vulnerabilities as such, that some people > still swear by it as > the gospel truth and the only one true path. Whilst such religious > commitment to an unproven cause undoubtedly > shows good faith, I would add that such blind practices are best left > to sunday school or the church sermon. ---- you seem to frequently grab a soap box and shout your thoughts here but of course, since CentOS tracks the upstream as closely as possible, as long as upstream is committed to this layer of security, it will be thus on CentOS. Therefore, your commentary is merely pissing in the wind. It is apparent that you enjoy such activity. ---- > P. ---- Craig _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos