[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Forward looking to FC2 final and SELinux



On Tuesday 06 April 2004 12:24, Michael A. Peters wrote:
> Actually - I think desktops and general servers are where it is the
> most beneficial. On the desktop, I think it can help prevent the
> spread of worms from people who turn their firewall off, play with
> sendmail, and don't patch. For the general servers, it helps prevent
> compromise of one service from impacting another.

General servers maybe.  Workstations, where users add a plethora of 
third party software, almost all of it w/out any SELinux support 
(policy additions), can quickly become a mess, with the user usually 
just turning off SELinux completely rather than deal with the headache.

> I think the reason the current setting is enforce is because it needs
> to have everything ironed out. It is an install option, though - so
> it's not like it would be forced on anyone.

Sure it's an option, but (non scientific) studies have shown that the 
defaults are what are used most often.  My recommendation was to keep 
it as an option during the install, but leave the default as off.

> I am willing to bet that the default for worsktation installs will be
> permissive. Just a hunch I got.
>
> > In short, I'd urge strongly to have SELinux turned off for the
> > final release, and perhaps even for Test3.  Having it there is
> > extremely cool for those that will need/want it.  Forcing it upon
> > the rest of the world is not wise IMHO.
>
> I agree it should be permissive default for workstation install.
> But not for test3 - test3 is a test release.

Test3 is the final test (currently) before the final release.  This 
means it's more of a release candidate than a test release.  It should 
mimic exactly what the full release will be like.  How can one test the 
full release if there were no test releases that mimic it exactly?

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating

Attachment: pgp00038.pgp
Description: signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]