Thanks, Mike.
What I read is that SELinux is still 'beta', and while the need for good security is decades old, we (CentOS/RHEL folks) should not be presumed to be willing beta testers. "Enabled by default" presumes I'm willing.
Brian Brunner brian.t.brunner@gai-tronics.com (610)796-5838
lesmikesell@gmail.com 11/19/05 11:41AM >>>
On Fri, 2005-11-18 at 22:42, Lamar Owen wrote:
Maybe I'm wrong, but I think any admin needs to experience having their box cracked. It will produce the humbleness necessary to the trade, because overconfidence is dangerous.
Yes, but when the box gets cracked _because_ they are using the latest new thing their distribution added under the guise of increased security, as happened with ssh a while back, it also produces the attitude that new stuff should soak a long, long while in a distribution like Fedora before going onto production boxes. You want to at least wait until the surprises stop - and I take the flurry of reports of broken apps at every update as an indication that they haven't stopped yet.
Your analogy to a weapon was a good one. When the experts tuning the distribution still can't keep it from blowing up in people's faces some of the time, normal people should keep their distance. When the Fedora and CentOS lists go several months without a mysterious app failure caused by SELinux it will be time to reconsider.