Forward looking to FC2 final and SELinux

David T Hollis dhollis at davehollis.com
Wed Apr 7 01:08:44 UTC 2004


On Tue, 2004-04-06 at 12:23 -0700, Jesse Keating wrote:

> On Tuesday 06 April 2004 12:25, Stephen Smalley wrote:
> > I'd encourage you to read the paper available from
> > http://www.nsa.gov/selinux/papers/inevit-abs.cfm.  Quite independent
> > of any argument about enabling/disabling SELinux by default for FC2,
> > just a case that flexible MAC is important even for the desktop.
> 
> I don't discount that it's 'important'.  I doubt whether or not end 
> users are prepared to deal with SELinux for their every day use 
> computer.  I REALLY question the ideology of forcing it down users 
> throats (by making it the default) in a Fedora Core release.  I worry 
> that it will be very counterproductive to industry acceptance of Fedora 
> Core as a remotely usable distribution.
> 

This thread helps confirm my predictions as to what will happen with the
Fedora Core 2 release.  We've seen this sort of thing in times past with
various Red Hat releases.  It will go something like this:

1) Fedora Core 2 released with SE Linux support
2) Various user groups complain loudly with quotes such as:
"Red Hat has finally done it, I'm switching to Gentoo!"  
"Red Hat doesn't care about the end user"
"Debian is where it's at"
"KDE Rulez!"
"I'm never going to buy a Red Hat product again"
"RH is conspiring with NSA to spy on us!"
3) Various other distros will be incorporating SE Linux and within a
years time, all major distros will ship with SE Linux functionality

Look at times past that we have seen RH incorporate a "bleeding edge"
functionality into the core to much criticism, only to prove that they
were really just leading the charge.  Going way back, we have the great
glibc2 migration.  Everybody wanted to go there, nobody did because it
was such a massive change.  Who remembers libc5 these days?  The gcc
2.96 debacle.  OK, so it may have not been the best decision but gcc was
really stuck at the 2.95 series for eons.  Now there are new gcc
releases every few months.  How about BlueCurve?  RH's attempt to kill
KDE and take over the project.  I think they may have even hired hitmen
to take out all of the KDE developers.  Boy, that sure killed the
desktop on Linux by blurring the lines didn't it...  Hmm, seems like
some other distros have started doing this as well.  I don't know about
you, but I can't stand it when all of my apps look the same...

For those of you out there that are really concerned with SE Linux, be
patient.  Maybe skip FC2 until the bugs get worked out.  If you have
some non-critical or test systems, throw it on there and try things out.
Report bugs so they can get fixed.  It will be alright.  In the end, you
will be more better off than you will ever know.  If you don't want to
see such garbage hitting Linux as SQL Slammer, Nimda, CodeRed, Nachia,
etc etc etc, SE Linux will be a great step towards preventing it.

-- 
David T Hollis <dhollis at davehollis.com>





More information about the fedora-devel-list mailing list