Jesse Keating wrote: > So, it's not a matter of have SELinux in the distro or not, it's a > matter of usability and exposing the RIGHT option to the end user. > Much like other advanced features are hidden from the (to borrow > Jef "I have a big middle name" Spaleta's phrase) average meathead, > SELinux should be not exactly hidden, but just disabled by > default. It would go a long way toward making the distro > desireable. While deftly skirting publicly positioning myself on the should selinux be defaulted to on. I thought i'd take a moment to clear up my definition of "meathead" which i think is being used incorrectly in this situation. Meatheads are those people who deliberately choose to not use the defaults without having an appropriate understanding of the consequences. They will do things like go out of their way to enable even hidden options just because they read a one page 12 step howto, that doesn't make an effort to explain how badly things can go and makes no effort to educate beyond the best case situation. Meatheads tweak their systems...but do not learn anything about their systems until after the noticed it has gone horribly wrong and have no idea when exactly it went horribly wrong during the 100 or so specific tweaks they performed. In my lonely and opinionated world view.... meatheads are a completely different subgroup than the AT user that ESR likes to wax eloquent about. AT's or as I like to call them... office and home professionals, want to get tasks done sane defaults and other usability and utility issues should be designed with them in mind. As much as I want to learn and understand about the inner-workings of the tools I use, i know normal people don't have nearly anywhere the same comprehension fetish that I have. My general rule is... if its something I want as a feature to make my life easier..its clearly NOT a good idea for office and home professional userbase. Meatheads are a complete contrast with the office and home professional group that Aunt T is a member of. They obsess over detailed featuritis compared to enhanced general usability and work flow...and yet they can not be considered technically proficient (yet) because they have not learned basic troubleshooting skills when doing clearly advanced and experimental tweaking...skills like skimming documentation that comes with the software before screwing around. </rant off> So in this situation...defaulting selinux to off in the installer..isn't going to protect meatheads, but it will probably protect the office and home professionals, since they will more likely than not need to install 3rd party applications, if selinux continues to have trouble with tasks like that. Identifying critical,frequent, and infrequent computing activities that the office and home professional userbase need to do to accomplish routine tasks and how selinux interferes with those activities will probably go a long way to estimating the impact selinux is going to have on that part of the userbase. And I know, that my personal use patterns diverge wildly from what an office and home professional user would be expecting to do every day or week or month or whatever, so i joyful expect problems with fc2 with selinux on or off. -jef"bug day email next...after i get a soda"spaleta
