[CentOS] Saw this and thought warmly of everyone on the list
craigwhite at azapple.com
Wed Sep 20 19:25:47 UTC 2006
On Wed, 2006-09-20 at 18:10 +0100, Peter Farrow wrote:
> > If selinux helps you, then use it. If it doesn't, then don't. No one
> > is twisting your arm and forcing you at gunpoint to use it.... yet.
> > The beauty of open source is that it's all about choice. Do what you
> > want, so long as you're smart enough to do it.
> -- when really it should be an option to enable it, which a warning
> that it wasn't tested for vulnerabilities, does not
> add any official security value to Linux and will of course slow the
> system down. Furthermore it adds a layer of
> security obfuscation which will in itself lead to administrators
> making mistakes and inadvertently lowering security
> as it is such a PITA.
it is a PITA to those who make little or no effort to understand it.
it is but an additional layer of security - nothing more and only less
for those who make little or no effort to understand it and disable it.
> Unices were configurable to be secure by many a competant
> administrator before this addition of bloat to the OS.
unfortunately, not all of us possess your extreme skill set that ensures
security so some of us welcome additional layers of security by spending
the effort to learn it.
> I choose not to use it, but ocassionally on some of my RHEL installs I
> forget to turn it off,
> if it is off by default I wouldn't need to keep removing it!
you should contact upstream provider and convince them that you know
> What I find most curious is, despite the authors of it claiming
> nothing of any note about it in terms of security,
> and in fact in the link I originally posted the authors go quite some
> way to distance themselves from claiming
> it adds any actual security,
that is your interpretation and I don't agree with your interpretation
> and hasn't been tested for vulnerabilities as such, that some people
> still swear by it as
> the gospel truth and the only one true path. Whilst such religious
> commitment to an unproven cause undoubtedly
> shows good faith, I would add that such blind practices are best left
> to sunday school or the church sermon.
you seem to frequently grab a soap box and shout your thoughts here but
of course, since CentOS tracks the upstream as closely as possible, as
long as upstream is committed to this layer of security, it will be thus
on CentOS. Therefore, your commentary is merely pissing in the wind. It
is apparent that you enjoy such activity.
More information about the CentOS