[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Brian T. Brunner brian.t.brunner at gai-tronics.com
Mon Nov 21 12:38:59 UTC 2005

Thanks, Mike.

What I read is that SELinux is still 'beta', and while the need for good 
security is decades old, we (CentOS/RHEL folks) should not be presumed 
to be willing beta testers.  "Enabled by default" presumes I'm willing.

Brian Brunner
brian.t.brunner at gai-tronics.com

>>> lesmikesell at gmail.com 11/19/05 11:41AM >>>
On Fri, 2005-11-18 at 22:42, Lamar Owen wrote:

> Maybe I'm wrong, but I think any admin needs to experience having their box 
> cracked.  It will produce the humbleness necessary to the trade, because 
> overconfidence is dangerous.

Yes, but when the box gets cracked _because_ they are using the
latest new thing their distribution added under the guise of
increased security, as happened with ssh a while back, it
also produces the attitude that new stuff should soak a long,
long while in a distribution like fedora before going onto
production boxes.  You want to at least wait until the surprises
stop - and I take the flurry of reports of broken apps at
every update as an indication that they haven't stopped yet.

Your analogy to a weapon was a good one.  When the experts
tuning the distribution still can't keep it from blowing
up in peoples's faces some of the time, normal people should
keep their distance.  When the fedora and Centos lists go
several months without a mysterious app failure caused by
SELinux it will be time to reconsider.

   Les Mikesell
     lesmikesell at gmail.com 

CentOS mailing list
CentOS at centos.org 

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept
for the presence of computer viruses.

www.hubbell.com - Hubbell Incorporated

More information about the CentOS mailing list