[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Deim Ágoston ago at lsc.hu
Mon Nov 21 17:15:29 UTC 2005 

hello all,

just don't forget that version numbering is not the same kind of animal as
in the closed source world. If you want to sell your system you cannot say
that version of MyGoodBilling System is 0.76.1. You have to say that's
1.0, or 1.1 or version 2005. Just think about Windows NT. It started with

And again: in the commercial and open source world everything should be
considered as "beta". Just like the human body, nature and combinations of
those, the humans are not the same. They can be "like the other" but not
the same. Never. That's why there's a role in information sciense, called
Sstem Architect. Who knows - or at least expected - to know which version
number with which patchlevel and patches are working together as expected
or knows the bugs and the workarounds for the systems.

And again: Linux, BSDs are not inferior to Windows system, Windows
applications and windows has their kind problems. Just other problems. I
know - or I think I know - that Lamar wanted to say this or similar.
That's why you use distros and that's why distros doesn't contain the
latest and greatest versions of softwares: lots of engineers, developers
and architects test it and patch the system to be usable enough.

At last: could we close this thread? Or start an advocacy at centos.org list
where everybody can dvert his/her point of view about things....

Bye,
Ago
-- 


> On Monday 21 November 2005 07:38, Brian T. Brunner wrote:
>> What I read is that SELinux is still 'beta',
>
> The SELinux kernel module itself is beyond beta.  The policies might be
> beta
> quality, and the documentation needs work for sure; but, pray tell, what
> in
> the typical Linux distribution is NOT beta?  Think carefully before you
> answer, and think about what is meant by beta (since some here enjoy
> splitting hairs; I'll split them, too, as I have actually taught
> college-level English (even to the point of teaching that there is no such
> thing as 'correct' English; there are conventions, styleguides, and the
> like,
> but there is no such thing as 'perfect' English;  the hardest things for a
> student to learn is that the dictionary is not an authority on word
> meaning,
> and that the basic unit of English meaning is not the word, but the
> sentence)).
>
>> and while the need for good
>> security is decades old, we (CentOS/RHEL folks) should not be presumed
>> to be willing beta testers.  "Enabled by default" presumes I'm willing.
>
> Assuming SELinux is beta.  But, again, what else are you running that
> really
> is beta?  Are you using Open SSL (for ssh or sasl or https)?  Guess what:
> OpenSSL is not only beta but has an API that changes within minor releases
> (and with the facial expressions of its developers... or, at least, that's
> how it looks).  And a crypto bug in SSL would be much worse than any
> imagined
> bug in SELinux.
>
> Further, the package that started all this, dbus, is also beta (judging by
> version number, as that is a standard metric, or at least the most
> standard
> of the metrics available).
>
> Run GNOME?  The esound system under GNOME is still at a version less than
> 1.0.
>
> YOUR BOOTLOADER, GRUB, IS BETA (version 0.95). And GRUB has produced the
> single largest volume of complaints about the upstream distributor's
> policies, that is, of getting rid of LILO, which was not beta.
>
> The hardware abstraction layer, hal, is beta.
>
> The hotplug interface appears to be a particular CVS snapshot, not even a
> beta.
>
> Using ipsec-tools?  It's beta too.
>
> Using ethereal?  The libpcap underneath is beta (again, by the version
> number
> of 0.8.3), and security bugs have been found in libpcap of a serious
> nature.
>
> Humph, libusb is alpha, not even beta (I use this heavily when using my
> Universal Software radio Peripheral (USRP), part of the GNUradio project).
>
> The Omni print driver subsystem is beta.
>
> YOUR AUTHENTICATION SUBSYSTEM, PAM, IS BETA (again, judging by the version
> number)!
>
> The prelink subsystem, which touches every single executable file on the
> system as root, is BETA.
>
> There are others, but these are important, and could impact security in a
> big
> way.
>
> And you're worried about SELinux being beta?
> --
> Lamar Owen
> Director of Information Technology
> Pisgah Astronomical Research Institute
> 1 PARI Drive
> Rosman, NC  28772
> (828)862-5554
> www.pari.edu
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

More information about the CentOS mailing list