Re: [CentOS] Saw this and thought warmly of everyone on the list

Peter Farrow <peter@xxxxxxxxxxx> · Wed, 20 Sep 2006 23:20:08 +0100

>you seem to frequently grab a soap box and shout your thoughts here but
>of course, 

-- Inaccurate....

>that is your interpretation and I don't agree with your interpretation

It was not an interpretation it was a statement quoted verbatim from
the authors of SELinux,  you are reading more

into SElinux than the persons who created it!

>unfortunately, not all of us possess your extreme skill set that
ensures

>security so some of us welcome additional layers of security by
spending

>the effort to learn it.
Uusing SELinux in the hope that it will make a poorly setup box secure
is another limitation you appear not to have realised. From

the authors themselves "it was not tested for vulnerabilities", sorry
guys you still have your heads in

the sand (or is it somewhere else?)  

>Therefore, your commentary is merely pissing in the wind. It

>is apparent that you enjoy such activity.

-- You've missed the point again...

Having set the SELinux debate running again, I'll leave you to discuss
it further, I am glad I made you all think about it,

but you still want to waste your time with it thats great for you, I'll
wait until its complete and finalised.

Finally yes you're right that Linux was an Intern project to start
with, its taken well ten years to become useful and mature,

SELinux is still immature and not [yet]  usefull...

P.

Craig White wrote:

  On Wed, 2006-09-20 at 18:10 +0100, Peter Farrow wrote:

      If selinux helps you, then use it. If it doesn't, then don't. No one
is twisting your arm and forcing you at gunpoint to use it.... yet.
The beauty of open source is that it's all about choice. Do what you
want, so long as you're smart enough to do it.

    -- when really it should be an option to enable it, which a warning
that it wasn't tested for vulnerabilities, does not
add any official security value to Linux and will of course slow the
system down.  Furthermore it adds a layer of
security obfuscation which will in itself lead to administrators
making mistakes and inadvertently lowering security
as it is such a PITA.

  ----
it is a PITA to those who make little or no effort to understand it.
Good

it is but an additional layer of security - nothing more and only less
for those who make little or no effort to understand it and disable it.
----

    Unices were configurable to be secure by many a competant
administrator before this addition of bloat to the OS.

  ----
unfortunately, not all of us possess your extreme skill set that ensures
security so some of us welcome additional layers of security by spending
the effort to learn it.
----

    I choose not to use it, but ocassionally on some of my RHEL installs I
forget to turn it off, 
if it is off by default I wouldn't need to keep removing it!

  ----
you should contact upstream provider and convince them that you know
better
----

    What I find most curious is, despite the authors of it claiming
nothing of any note about it in terms of security,
and in fact in the link I originally posted the authors go quite some
way to distance themselves from claiming
it adds any actual security,

  ----
that is your interpretation and I don't agree with your interpretation
----

     and hasn't been tested for vulnerabilities as such, that some people
still swear by it as
the gospel truth and the only one true path.  Whilst such religious
commitment to an unproven cause undoubtedly
shows good faith, I would add that such blind practices are best left
to sunday school or the church sermon.

  ----
you seem to frequently grab a soap box and shout your thoughts here but
of course, since CentOS tracks the upstream as closely as possible, as
long as upstream is committed to this layer of security, it will be thus
on CentOS. Therefore, your commentary is merely pissing in the wind. It
is apparent that you enjoy such activity.
----

    P.

  ----
Craig

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

--

This message has been scanned for viruses and

dangerous content by the
Enhancion system scanner, 

and is believed to be clean.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos