Fedora vs OpenSuse
Rahul Sundaram
sundaram at fedoraproject.org
Fri Jun 15 12:05:32 UTC 2007
Ralf Corsepius wrote:
>
> No doubts, there probably have been such incidents.
>
> I can't comment on AppArmor (I am not using OpenSuSE), but I can comment
> on SELinux from my personal experience with it. And from that I would be
> very cautious to mention it as a "selling point", because I assume
> everybody using Fedora for a couple of months at some point has had his
> own experiences with it.
>
> It's helpful and harmful at the same time. Which side's tradeoffs
> overweight depends on the personal situation and a particular machine's
> purpose.
I understand that point and it's valid however it is a important
differentiation. SELinux with the assorted set of security enhancements
have been very useful in mitigating security issues. Even end users who
tend to not like SELinux and turn it off have benefited it from it.
While SELinux policies a number of issues have been fixed with software
that was using more privileges than necessary or need to be redesigned
because there was fundamental flaws.
From the FC2 till now there have been tremendous improvements in the
amount of programs covered by policy, comprehensiveness, flexibility of
policy, administrative and debugging tools including graphical ones.
Fedora today is probably the best integration of SELinux or similar
technology in a mainstream system.
Rahul
More information about the fedora-list
mailing list