Peter Farrow wrote:
> Some of you seem to be drowning in the "complex=secure" scenario.
> SELinux adds complexity, the biggest dangers in computer hacking come
> from within your own network.
> 90% of hacking jobs are in house as the statistics show.

And SELinux's _main_ design is to combat people who have _some_ privileges to the system! That's the primary purpose of RBAC/MAC!

As someone who has spent half of his career securing banks and defense systems, please, _please_ stop this! SELinux _massively_ improves internal security.

So why did this come up, yet again? Why does this have to continue? Especially since the upstream provider sets the defaults, and these will NOT change in SELinux!

> SELinux makes security complex and bloat like, the same thing that
> makes Windows insecure, this makes the admin job harder, which will
> lead to mistakes, which will make it hard to find holes, which will
> inevitably lead to a less secure system.... QED.

As I pointed out before, NT's based RBAC/MAC does _not_ cause its security issues. In fact, it's quite a good model to follow! The problem is 99% of the Windows applications, including various things adopted into NT for "Chicago" compatibility that have caused this issue.

Why oh why did this come up again? These defaults will NOT change!

Peter Farrow also wrote:
> Perhaps all of you that _LOVE_ SElinux so much should branch off to a new
> flavour of Linux,
> I propose that you name it BloatOS,
> Just keep it well away from me.

Collins Richey wrote:
> Excellent work, Peter!
> I've been deleting most of the posts in this thread unread, but I'm
> glad I read this one. This one's a keeper.

Instead of renaming the distro, maybe we should have a new list entitled, "What we want to bitch about this week, but not stop and take the time to understand and possibly resolve?!"
It's pretty sad when all people like myself (and I'm not the only one) wish to do is correct technical inaccuracies, _not_ to stop and shove anything down anyone's throat. You don't have to use what is included or suggested, but not everything is "broken" or "not as good as distro X."

Why don't we just start a thread on politics here -- because it would provide the same level of resolution for "world peace" as it would for Red Hat Enterprise Linux defaults. I.e., *NONE*! ;->

_Nothing_ that has come out of e-mails has been "you must do this." It's always been, "Have you considered this? Do you understand what this does?"

It's easy to bitch and moan about something when you don't understand it -- and far worse yet -- it does _nothing_ because you don't understand why things are the way they are (and no one can help you)!

But these are the defaults. Live with it however you want to! But don't make CentOS a forum to expose your constant complaints of something you don't want to deal with.

Stop pretending you even remotely know how things like SELinux are "bad" (I mean, how many different arguments are people going to make 2, 3 or even 4 times over?!) Or how distribution of CentOS+DAG has a purely "mechanical" issue? Or how YUM could be better? Etc...

Craig White wrote:
> I'm not entirely sure why you decided to pick up this topic by
> replying to a message that is a week old.

I honestly think some people just have to bitch about something they don't want to deal with. They can't step back and recognize why something is designed or why something works the way it does. They just want it to "work my way dammit!"

> Personally, I would have thought you to be smart enough to let the
> thread die since you used it to insult one of the CentOS developers.

In case some of you aren't "getting it," Craig puts it out right there! You say you thank the CentOS developers for their hard work ... "But this" and then there's another "But that".
And most of these "but"s aren't really about giving _any_ care to what decisions are made with CentOS, but just bitching about how you think it should work. And in the overwhelming majority of cases, it's something these same people don't know about or understand.

All I've tried to do, like a broken record, is ask people to stop and understand things, and I've been very futile in my attempts at times. I honestly give up on this, as well as the

> Apparently you decided to revive the thread just to insult those of
> us that are actually trying to intelligently apply the security
> features adopted by the upstream provider. Personally, I find
> you offensive.

I'm not offended directly. I rarely get offended. Someone has to call my employer or tell the FBI that I hacked their server to offend me (and no one has stooped to that level here ;-).

What I find _indirectly_ offensive is how much the CentOS team is bothered by these constant inquiries on things that WILL *NOT* CHANGE! Let me say that again ... these things WILL *NOT* CHANGE!

That's why it's *NOT* about finding solutions, but just "bitching." Especially when the same "round robin, blind analysis" comes up over and over and over on RBAC/MAC, [re]distribution, etc...

--
Bryan J. Smith b.j.smith at ieee.org http://thebs413.blogspot.com
-------------------------------------------------------------------
For everything else *COUGH*commercials*COUGH* there's "ManningCard"