Thanks, Mike. What I read is that SELinux is still 'beta', and while the need for good security is decades old, we (CentOS/RHEL folks) should not be presumed to be willing beta testers. "Enabled by default" presumes I'm willing. Brian Brunner brian.t.brunner at gai-tronics.com (610)796-5838 >>> lesmikesell at gmail.com 11/19/05 11:41AM >>> On Fri, 2005-11-18 at 22:42, Lamar Owen wrote: > Maybe I'm wrong, but I think any admin needs to experience having their box > cracked. It will produce the humbleness necessary to the trade, because > overconfidence is dangerous. Yes, but when the box gets cracked _because_ they are using the latest new thing their distribution added under the guise of increased security, as happened with ssh a while back, it also produces the attitude that new stuff should soak a long, long while in a distribution like fedora before going onto production boxes. You want to at least wait until the surprises stop - and I take the flurry of reports of broken apps at every update as an indication that they haven't stopped yet. Your analogy to a weapon was a good one. When the experts tuning the distribution still can't keep it from blowing up in peoples's faces some of the time, normal people should keep their distance. When the fedora and Centos lists go several months without a mysterious app failure caused by SELinux it will be time to reconsider. -- Les Mikesell lesmikesell at gmail.com _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated