On 08.05.2007 07:03, Kevin Kofler wrote: > dragoran <drago01 <at> gmail.com> writes: >> David Woodhouse wrote: >>> [...] >>> *SElinux*, >>> [..] >> thx for mentioning this I suggest that any package that create avcs >> should not pass a review. We have suchs packages in extras and nothing >> in the review process takes care of selinux integration which is wrong. > So you want to force reviewers to run with SELinux enabled? That's going to > reduce the number of reviewers significantly and increase the load on the > review queue even more. I for one have SELinux disabled (completely, so I don't > get even permissive AVCs) and I'm surely not the only one. Reviewing is already > tedious enough as it stands (it took me over an hour to review Strigi, and it > already had some quick pre-review comments by Rex Dieter and me). (It does work > though, for example I caught some plugin .so files being mistaken for symlinks > and thus accidentally shipped in strigi-devel rather than in the main strigi > package, that would definitely have broken things for the end user. So I'm not > complaining about the current process, just about your suggestion to add that > SELinux requirement.) Kevin and David both have good points IMHO. A solution afaics might behave some kind of (semi-)automatic SELinux testsuite running on a testmachine somewhere where users can submit packages for testing. And a SIG that users can ask in case of problem -- but we have a selinux mailing list, which should be enough probably. And maybe we should suggest somehow to packagers and reviewers to look out for SELinux trouble (but not as MUST or SHOULD; more as a kine of "best practices" document). CU thl -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
