On 04/09/2012 02:15 PM, Miloslav Trmač wrote: > On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> One suggestion I have heard is to turn the feature off if someone install >> gdb like we do with DrKonji, which might be a better solution then >> disabling by default. > It would be very surprising if merely installing a package changed the > security configuration that is not directly related to the files installed > by the package. Mirek Right, although this is about compromise. I want the feature for as many users as possible. If I have it on, I will hit 90% of the installed SELinux Base. If I turn it off by default I will hit < 1 % of the installed SELinux Base. If I compromise I can get 50 % of the installed base to use it. People do not tend to change the defaults when it comes to security other then loosening it. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
