On Tue, 2004-04-06 at 19:46, Jeremy Katz wrote: > I actually pretty strongly disagree here. I think that we need to move > to where policy for various daemons is included and maintained along > with the daemon. The reason policy is centralized is because it allows one to easily analyze the entire thing at once, and also makes it easier to make sweeping changes by modifying just a few files. > Otherwise, we have a never-ending battle of one huge > monolithic package that will end up with bizarre dependencies on apps. I'm not sure I understand - how does policy depend on applications? > Managing that is going to be a nitemare in the long-term. Think of the > situation where you want to upgrade your sendmail package, but to > upgrade your sendmail package, you need the new policy that has > information for the new way sendmail is split up but *that* requires you > to upgrade something else... it can spiral out of control very very > quickly. What would the policy package require you to upgrade? > There's a reason we don't, eg, put all of the German translations for > everything we ship in, eg, a translations-german package. It just > doesn't scale maintenance wise. Translations are different from SELinux security policy in that they're mostly independent of one another.
Description: This is a digitally signed message part