Priceless :) You just made it to my email quote of the week wall :) *laugh* On Nov 25, 2005, at 3:09 PM, Peter Farrow wrote: > Some you seem to be drowning in the "complex=secure" scenario. > > SELinux adds complexity, the biggest dangers in computer hacking > come from within your own network. > > 90% of hacking jobs are in house as the statistics show. > > SELinux makes security complex and bloat like, the same thing that > makes Windows insecure, this makes the admin job harder, which will > lead to mistakes, which will make it hard to find holes, which will > inevitably lead to a less secure system.... QED. > > Perhaps all of you that _LOVE_ SElinux so much should branch off to > a new flavour of Linux, > > I propose that you name it BloatOS, > > Just keep it well away from me. > > My boxes have SELinux=disabled on all of them (thats a big number > by the way). > > I don't need it, those sysadmins who feel they need to use, sure go > ahead and use it, but please don't take the morale high ground > saying using it is definately better and more secure, because I > find that kind of talk irritating because it is so wrong. > > One thing is for sure, SELinux slows the box down, which perhaps > you could start arguing that "aah yes the box is so much slower > now, it wil take a hacker longer to get in - hey SElinux really is > secure for that reason alone" -- ROTFLOL.... > > I think you should rename this thread BloatOS. > > You could then write shell script called "unbloat" or "speedup" > > I propose it contains > > rpm -e libselinux-1.19.1-7 selinux-policy-targeted-1.17.30-2.110 > libselinux-devel-1.19.1-7 > > Maybe that too has some marketing mileage, you could sell this > script as a box performance enhancer, > > LOL > > > Les Mikesell wrote: >> On Fri, 2005-11-18 at 22:42, Lamar Owen wrote: >> >> >>> Maybe I'm wrong, but I think any admin needs to experience having >>> their box >>> cracked. It will produce the humbleness necessary to the trade, >>> because >>> overconfidence is dangerous. >>> >> Yes, but when the box gets cracked _because_ they are using the >> latest new thing their distribution added under the guise of >> increased security, as happened with ssh a while back, it >> also produces the attitude that new stuff should soak a long, >> long while in a distribution like fedora before going onto >> production boxes. You want to at least wait until the surprises >> stop - and I take the flurry of reports of broken apps at >> every update as an indication that they haven't stopped yet. >> >> Your analogy to a weapon was a good one. When the experts >> tuning the distribution still can't keep it from blowing >> up in peoples's faces some of the time, normal people should >> keep their distance. When the fedora and Centos lists go >> several months without a mysterious app failure caused by >> SELinux it will be time to reconsider. >> >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos Elizabeth Palomino liz at groupee.com Sr. Performance Engineer Groupee (206)283-5999 Infopop is now Groupee... Same Company, New Name -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20051216/f45864bb/attachment-0004.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20051216/f45864bb/attachment-0004.sig>