On Mon, 2005-11-21 at 14:41 +0000, Peter Farrow wrote: > Please go and look up "default" on the dictionary.... > It isn't the word default that I have a problem with ... it is enabled. Nothing is enabled until you click past it without taking action. You "Enable" the things that you want. Now ... I would agree that the "Default" selection is having SELinux in "Permissive Mode" ... and that user action and knowledge is required when deciding what they want to do concerning SELinux. > > Johnny Hughes wrote: > > >On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote: > > > > > >>The point was, as its very much beta quality, it should be up to the > >>user to ask for it, not have it dropped on them by default. > >> > >>Thats the point Brian was making, the essence of the reply to that was > >>"its not enabled by default because you can turn it off" > >> > >>Which is, as we all know, is a rather absurd statement....which had to > >>be remedied by, yes if you like, a pedantic reply, but a nonetheless > >>valid one... > >> > >> > > > >I disagree ... to me enabled by default would be like the core and base > >default packages .... they are turned on, and one can not turn them off. > >They are enabled by default, whether you need them or not. > > I still stick to my definition of "Enabled by default". Enabled, in my mind, requires some actions by the person doing the install. Though, I will agree that SELinux (in "permissive mode" and not "enforcing mode") is the default selection. > >SELinux would be enabled by default if it were turned on that way. > > > >Also, even if your more liberal definition of "Enabled by default" is > >used ... what is enabled is the "permissive" mode - SELinux prints > >warnings instead of enforcing. There is an "Enabling" mode that must be > >specifically selected. > > > >So, why is no one complaining that LVM2 is enabled by default ... or > >that your C: drive is formatted by default? > > > >Because, you are expected to read and take action during an install. > >That includes whether or not you include a firewall or enable SELinux. > > > > > >>Craig White wrote: > >> > >> > >> > >>>On Mon, 2005-11-21 at 13:56 +0000, Peter Farrow wrote: > >>> > >>> > >>> > >>> > >>>>>>It is not enabled by default ... unless you mindlessly click through > >>>>>> > >>>>>> > >>>>"Default" means, unless you do something to specify otherwise it will be > >>>>this way, > >>>> > >>>>SElinux IS enabled by default, as doing an install without specifically > >>>>searching for it and changing it will result in it being enabled. > >>>> > >>>>http://isp.webopedia.com/TERM/D/default.html > >>>> > >>>> > >>>> > >>>> > >>>>screens without reading them. > >>>> > >>>> > >>>> > >But ... SELinux (at least in a mode that does anything) is not set to be > >enabled by default ... it is in permissive and not enabling. > > > > > >>>> > >>>> > >>>> > >>>> > >>>---- > >>>you are being a bit pedantic here. > >>> > >>>Defaults, installation options, etc. are set by upstream provider. > >>> > >>>If someone were to simply click-through the install without > >>>customization, it would indeed be turned on as would a firewall without > >>>holes and no doubt in that event, said unthinking user would benefit > >>> > >>> > >>>from both. > >> > >> > >true > > > > > >------------------------------------------------------------------------ > > > >_______________________________________________ > >CentOS mailing list > >CentOS at centos.org > >http://lists.centos.org/mailman/listinfo/centos > > > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20051121/8d914eec/attachment-0005.sig>