On Fri, 8 Sep 2006, Jason L Tibbitts III wrote: > >>>>> "JM" == James Morris <jmorris@xxxxxxxxxx> writes: > > JM> This guideline would request that developers test their package > JM> with SELinux enabled (and by this I mean in enforcing mode) and > JM> follow a simple procedure: > > Just like the IPv6 thing, I don't think this is an appropriate topic > for the packaging committee to consider. > > If it were in our purview, we could require that packages operate with > SELinux targeted enforcing, but forcing reviewers and package > maintainers to do this is a good way to make sure we have no package > maintainers or reviewers (except for the ones who are paid by Red Hat, > of course). A big +1 here. We must *always* remember when working with community packagers: they do this work to accomplish *their* needs. The fact that they accomplish *our* needs as well is almost always a fortunate side effect. > I mean, FC5 as shipped won't even boot in my environment with SELinux > turned on. (Yes, I reported the problems and they were quickly fixed, > but that still doesn't get me a system I can boot to the point of > getting updates.) So I think it's way too early to be forcing people to > test with SELinux on. > > For Extras, an SELinux SIG would be great; they could go through and > test applications, probably the server ones first. Core could of > course make their own policy. It's not for the packaging committee to > dictate either of those policies. Another big +1. The unfortunate side effect here is that it's possible -- even likely -- that most community packagers won't give two craps about the SELinux SIG. > Now, the packaging committee could publish guidelines for how to > include SELinux rules in a package; that would be great. +1 again. --g ------------------------------------------------------------- Greg DeKoenigsberg || Fedora Project || fedoraproject.org Be an Ambassador || http://fedoraproject.org/wiki/Ambassadors ------------------------------------------------------------- -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
