[CentOS-mirror] Additional NZ Mirror

Thu Oct 2 13:02:05 UTC 2014
Fabian Arrotin <fabian.arrotin at arrfab.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/10/14 14:23, Daniel Watson wrote:
> PS.  LAX is fixed, stupid selinux  who needs it :D
> 

Well, it's a free world, so you can do whatever you want to ...
But my advice (and same for all people within CentOS) is to use
selinux everywhere. It's really not hard and we run selinux all those
nodes behind msync/mirror.centos.org (and everywhere else)

Let's not start a thread about selinux here, (as it's the
centos-mirror list) but feel free to join the main one to discuss that
if you want to. Just the last ShellShock issue from last week would
suffice to have selinux in enforcing mode everywhere you can (while it
didn't stop it, it contained more than without as a simple example)

I use that sentence when I give my "configuring selinux with your
cfgmgmt tool - puppet and ansible covered" talk : "Security is a chain
: it's only as secure as the weakest link" ;-)

- -- 
Fabian Arrotin
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlQtTM0ACgkQnVkHo1a+xU77lQCfTZuGGVIynmSrJ+nxgNI+hBlH
YpoAn3pkS/y5WP+dHHbf07RubmIju/cS
=RYIZ
-----END PGP SIGNATURE-----