[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?



Jeff Spaleta wrote:
On Jan 17, 2008 5:13 AM, Valent Turkovic <valent turkovic gmail com> wrote:
Again I'm not talking about general fedora distro, only Desktop spin.

I garuantee you that people understand the argument you are making.
And I'm pretty sure that you haven't actually come up with a new line
of reasoning that hasn't already been considered previously.

It comes down to this. You either value the selinux technology for a
specific usage case, or your don't.  If you value it, then you must
support Fedora having it enabled by default because Fedora so that we
can continue to refine it through more feedback.   If you don't value
it as a technology for the usage case you are interested in then you
aren't ever going to really be comfortable with it being included at
all.

So clearly you don't value it.  And clearly I do.  Continuing to run
in circles about this for another 300 posts isn't going to go anywhere
because at a pretty fundamental level our assumptions about what is
important are vastly different.

But you know what, my opinion and your opinion are really not that
important.  What I care about in terms of project direction is what
the security experts and the expert interface designers think.  We
must find a way to continue to incrementally make dealing with selinux
easier.  I'd rather get the right people in a room somewhere to sit
down and discuss selinux desktop integration away from the noise and
pitchforks in a mailinglist, and then move forward from there.  You
and I are not the right people.

Jeff I completely agree with you, it is not on me or you to decide, but I thing that this discussion really needs to happen because fedora currently has lost it's focus. It is not a server distro, it is not desktop focused distro - nobody knows what exacly fedora should be used for.

So I hoped that Fedora desktop spin will have some clear focus - the desktop as the name suggests, but it looks much more to me like it should be called just Fedora light.

There is no real difference (only NetworkManager turner on by default on desktop spin) in Fedora and Fedora Desktop spin.

I don't agree that security experts should decide if SELinux should go or not on Fedora Desktop spin or should it be on/off by default but some team of people who have a clear vision what Fedora Desktop experience should be about.

They should look real hard at the the costs to usability vs. security benefits on desktop.

What are the real security issues on desktop? OpenOffice exploits? Gnome expoits? What? You aren't running apache, mysql and php on desktop and those services shouldn't be running. Maybe ssh is running and that can be hardened really easily with firewall rules. What is actual threat that SELinux prevents on Fedora Desktop?

Is it just there because SELinux exists and it makes things secure in general but also gets in way of user experience? That is a poor excuse IMHO.

Valent.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]