On Wed, 2008-07-16 at 13:09 -0700, Brett Lentz wrote: > On Wed, 2008-07-16 at 15:40 -0400, Daniel J Walsh wrote: > > David Härdeman wrote: > > > On Wed, Jul 16, 2008 at 02:59:40PM -0400, Daniel J Walsh wrote: > > >> Christopher J. PeBenito wrote: > > >>> On Wed, 2008-07-16 at 19:44 +0200, David Härdeman wrote: > > >>>> On Wed, Jul 16, 2008 at 01:13:03PM -0400, Daniel J Walsh wrote: > > >>>>> David Härdeman wrote: > > >>>>>> While working on SELinux-enabling a Debian system, I often Google for > > >>>>>> avc messages that show up in dmesg and 90% of the time it seems > > >>>>>> that the > > >>>>>> problem has already been solved in Fedora's version of the > > >>>>>> refpolicy but > > >>>>>> not in the upstream version. [...] > To be honest, from my perspective as an SELinux consumer and long-time > follower of this list, it seems to me that Fedora's policy is very > nearly becoming the de facto reference policy just by virtue of its more > active development. What is probably not clear to you is that I focus on large scale changes/policy architecture, such as the experiment with ubac/rbac separations, building the enforcing X desktop policies, and the FCGlob file contexts experiment. Being a distribution policy person, Dan is on the front lines handling bugs, while I am somewhat disconnected (Gentoo doesn't have nearly as many SELinux users). As mentioned by others, Dan is working mainly on get things functioning. Obviously, as upstream, I want things to work too, but Dan deserves much credit for the many policy adjustments that are required as software gets updated. But to say that the Fedora policy has more active development is dead wrong. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
