Re: "Many" happy selinux users nowadays

Andy Green wrote:
Somebody in the thread at some point said:

Andy Green wrote:

[snip]


It's obviously up to you how you deal with that, but I strongly believe
that you can't inherently trust machines on any internal network any

My issues with SELinux are:

(1) it is wrong-headed
(2) it is pervasive
(3) it has defects, and always will

The additional "security" it offers to an already compromised
system is debatable. This thread proves it. That it causes


I value it for what it can do at the moment of the attempted compromise.

And I do not, since my setup is proably vastly different from yours.
I have a stand-alone desktop with no sensitive data on it, behind
a hardware firewall which has never let one bad guy in. I take steps
to prevent inadvertent code or malicious code execute on my machine.
I regularly look for signs of invasion. If I get compromised, then
I plan to use one of my frequent backups to recover DATA. The system
will be reloaded, not recovered.

[snip]

I think the decision to include selinux is right... people will use it

Apparently it is for you. I support people being able to install
or not install software as THEY see fit.

[snip]

to the spec file, or in extremis move to your own distro. But I think
it won't gain much of a following to define the distro by removing a
feature rather than adding stuff.

I have no desire to control what other people put on their machines.
I have no desire to influence what other people put on their machines.
You like SELinux, fine. I don't want it. I support the choice to
install or not install, that's all.

[snip]

I don't download and execute other people's programs.

The whole distro is full of other peoples' programs though.

Of course.

I don't permit Java or Javascript to run on my machine.

I don't permit my mailer to use links or to download images.


I must be pretty lax, Javascript is okay in a browser (not Thunderbird
though) and I will click on email links after hovering to see where they go.

No cookies on my machine, either. No internet cache, either. No stored
passwords. I won't characterize what you do as lax or not, since
I'm not aware of your needs and desires. Your security measures need
to be tailored to your configuration and your goals, not mine.

You have to mix in the level of grief to implement it. For example
everyone keeps agreeing that the initscripts and especially shutdown can
be made MUCH better, but it's so frightening to take care of everything
with minimal breakage that somehow Fedora doesn't seem to get anywhere
with it (over years).

I don't know to what you refer.


There are a few projects around that replace the venerable "System V" --
it refers to some ancient Unix flavour AIUI -- initscripts. This is the

[snip]

Thanks for the explanation.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: Great SWT Program
    ... which is where the configuration files ... are shared by all machines. ... won't be apparent. ...
    (comp.lang.java.programmer)
  • Re: Without rebooting-Now changing ISP
    ... different machines, my suspicion is that I need to install the server ... different users here would then access the local server and download ...
    (comp.sys.acorn.networking)
  • Re: My Continuing Adventures With Linux
    ... of the newer SW you need high spec boxes and I'm just not going to go out and spend $1K or more getting more/new boxes and HW just so I can use the latest SW when all of my old boxes work fine, and I can do wp & spreadsheets & internet jazz to my heart's content. ... Considering that many versions of Linux aren't commercial, and that there are a number of volunteers working on it, the chances of serious bugs arising is likely reduced as there are no deadlines to meet and no advertising propaganda to live up to. ... One department at my alma mater had a few machines running it but I never spent much time on them. ...
    (sci.research.careers)
  • Re: Machina ex Deus..the machine is God
    ... The Pragmatic Builder is a interesting type. ... The collector is a fellow who collects machines. ... Heh heh heh. ...
    (rec.crafts.metalworking)
  • Re: [SLE] Mouse problems in 9.2
    ... modules/drivers/settings, etc., I highly recommend you just install a ... by either SuSE or my fall-back Win98SE. ... sensor or some supporting circuitry had failed. ...
    (SuSE)