On Jan 16, 2008 9:57 PM, David Nielsen <david@xxxxxxxxxxxxx> wrote: > > ons, 16 01 2008 kl. 20:57 +0100, skrev Valent Turkovic: > > Hi, > > I believe that SELinux is a great linux server security hardening tool > > but that has little use in desktop linux usage and it confuses > > ordinary desktop users. > > If it hasn't been discussed before I would like to propose that on > > desktop cd spin SELinux is not installed by default, of course after > > discussion and approval from you (fedora devels). > > -infinity > > You opt out of security not into it, if SELinux presents a problem in an > otherwise legitimate use case then it's a bug and it should be fixed. > Dan Walsh is normally a very responsive maintainer and bugs get fixed > nearly instantly. You bring again something that has nothing to do with the issue. Off course you opt out from security, not opt in. But I believe that using fedora as a general desktop is already all the security 99% people need. Other special cases can enable SELinux or even better build their own kernel. In order to use wireless fedora had to accept using firmware blobs AFAIK just because people need their wireless JustToWork. And I believe that people would like also not to get some useless (to them) cryptic messages that don't give them any security. I get contantly AVC Denial messages and none of them was a threat to my system. > Prevention is better than waiting for a problem to erupt and then > scramble to provide a 0 day patch to every critical bug. In much the > same way as we vaccinate people to avoid illness in the future instead > of just relying on luck and treatment. SELinux on desktop feels much more like keeping people from ever leaving their house in order for them not to get hurt outside that vaccination. On servers I can follow your vaccination analogy... I believe that some technologies are made for servers and their place it on server not on desktop. SELinux is top of that list. Valent. -- http://kernelreloaded.blog385.com/ linux, blog, anime, spirituality, windsurf, wireless registered as user #367004 with the Linux Counter, http://counter.li.org. ICQ: 2125241, Skype: valent.turkovic -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
