Jeff Spaleta wrote:
On Jan 17, 2008 5:13 AM, Valent Turkovic <valent.turkovic@xxxxxxxxx> wrote:
Again I'm not talking about general fedora distro, only Desktop spin.
I garuantee you that people understand the argument you are making.
And I'm pretty sure that you haven't actually come up with a new line
of reasoning that hasn't already been considered previously.
It comes down to this. You either value the selinux technology for a
specific usage case, or your don't. If you value it, then you must
support Fedora having it enabled by default because Fedora so that we
can continue to refine it through more feedback. If you don't value
it as a technology for the usage case you are interested in then you
aren't ever going to really be comfortable with it being included at
all.
So clearly you don't value it. And clearly I do. Continuing to run
in circles about this for another 300 posts isn't going to go anywhere
because at a pretty fundamental level our assumptions about what is
important are vastly different.
But you know what, my opinion and your opinion are really not that
important. What I care about in terms of project direction is what
the security experts and the expert interface designers think. We
must find a way to continue to incrementally make dealing with selinux
easier. I'd rather get the right people in a room somewhere to sit
down and discuss selinux desktop integration away from the noise and
pitchforks in a mailinglist, and then move forward from there. You
and I are not the right people.
Jeff I completely agree with you, it is not on me or you to decide, but
I thing that this discussion really needs to happen because fedora
currently has lost it's focus. It is not a server distro, it is not
desktop focused distro - nobody knows what exacly fedora should be used for.
So I hoped that Fedora desktop spin will have some clear focus - the
desktop as the name suggests, but it looks much more to me like it
should be called just Fedora light.
There is no real difference (only NetworkManager turner on by default on
desktop spin) in Fedora and Fedora Desktop spin.
I don't agree that security experts should decide if SELinux should go
or not on Fedora Desktop spin or should it be on/off by default but some
team of people who have a clear vision what Fedora Desktop experience
should be about.
They should look real hard at the the costs to usability vs. security
benefits on desktop.
What are the real security issues on desktop? OpenOffice exploits? Gnome
expoits? What? You aren't running apache, mysql and php on desktop and
those services shouldn't be running. Maybe ssh is running and that can
be hardened really easily with firewall rules. What is actual threat
that SELinux prevents on Fedora Desktop?
Is it just there because SELinux exists and it makes things secure in
general but also gets in way of user experience? That is a poor excuse IMHO.
Valent.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
