Verily I say unto thee, that nodata spake thusly: > Secure by default please, otherwise turn off selinux by default. Very good point. It's rather contradictory, indeed hypocritical, for Fedora to have spent all this time and effort integrating security as relatively extreme as SELinux into the distro, only to then undermine it by allowing a subset of unauthorised root privileges. So on the one hand the rationale is: The target audience is single-user desktops, so authorising package installs is moot. But on the other hand those same users had to endure several releases where SELinux prevented many packages from working correctly, while maintainers, developers, and bug reporters spent a lot of time and effort tweaking security policies to fix these issues, for the sake of what was extolled as important and necessary improvements to Linux security. So which is it? Is security important for the target audience (whomever Fedora presumes them to be), or not? Personally, I use Fedora on desktops, laptops /and/ servers, and yes I have other users on my network, to whom I do /not/ wish to allow root access ... ever. And I take great exception to Fedora arrogantly presuming what type of systems I use Fedora on, and what my security needs are. Something far more worrying, is that Fedora is the testbed for RHEL. Are we to assume that enterprise customers will be spared the insecurities currently being foisted on Fedora users, or should we start working on the security advisories now? -- Regards, Keith G. Robertson-Turner -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
