>you seem to frequently grab a soap box and shout your thoughts here but >of course, -- Inaccurate.... >that is your interpretation and I don't agree with your interpretation It was not an interpretation it was a statement quoted verbatim from the authors of SELinux, you are reading more into SElinux than the persons who created it! >unfortunately, not all of us possess your extreme skill set that ensures >security so some of us welcome additional layers of security by spending >the effort to learn it. Uusing SELinux in the hope that it will make a poorly setup box secure is another limitation you appear not to have realised. From the authors themselves "it was not tested for vulnerabilities", sorry guys you still have your heads in the sand (or is it somewhere else?) >Therefore, your commentary is merely pissing in the wind. It >is apparent that you enjoy such activity. -- You've missed the point again... Having set the SELinux debate running again, I'll leave you to discuss it further, I am glad I made you all think about it, but you still want to waste your time with it thats great for you, I'll wait until its complete and finalised. Finally yes you're right that Linux was an Intern project to start with, its taken well ten years to become useful and mature, SELinux is still immature and not [yet] usefull... P. Craig White wrote: > On Wed, 2006-09-20 at 18:10 +0100, Peter Farrow wrote: > >>> If selinux helps you, then use it. If it doesn't, then don't. No one >>> is twisting your arm and forcing you at gunpoint to use it.... yet. >>> The beauty of open source is that it's all about choice. Do what you >>> want, so long as you're smart enough to do it. >>> >> -- when really it should be an option to enable it, which a warning >> that it wasn't tested for vulnerabilities, does not >> add any official security value to Linux and will of course slow the >> system down. Furthermore it adds a layer of >> security obfuscation which will in itself lead to administrators >> making mistakes and inadvertently lowering security >> as it is such a PITA. >> > ---- > it is a PITA to those who make little or no effort to understand it. > Good > > it is but an additional layer of security - nothing more and only less > for those who make little or no effort to understand it and disable it. > ---- > >> Unices were configurable to be secure by many a competant >> administrator before this addition of bloat to the OS. >> > ---- > unfortunately, not all of us possess your extreme skill set that ensures > security so some of us welcome additional layers of security by spending > the effort to learn it. > ---- > >> I choose not to use it, but ocassionally on some of my RHEL installs I >> forget to turn it off, >> if it is off by default I wouldn't need to keep removing it! >> > ---- > you should contact upstream provider and convince them that you know > better > ---- > >> What I find most curious is, despite the authors of it claiming >> nothing of any note about it in terms of security, >> and in fact in the link I originally posted the authors go quite some >> way to distance themselves from claiming >> it adds any actual security, >> > ---- > that is your interpretation and I don't agree with your interpretation > ---- > >> and hasn't been tested for vulnerabilities as such, that some people >> still swear by it as >> the gospel truth and the only one true path. Whilst such religious >> commitment to an unproven cause undoubtedly >> shows good faith, I would add that such blind practices are best left >> to sunday school or the church sermon. >> > ---- > you seem to frequently grab a soap box and shout your thoughts here but > of course, since CentOS tracks the upstream as closely as possible, as > long as upstream is committed to this layer of security, it will be thus > on CentOS. Therefore, your commentary is merely pissing in the wind. It > is apparent that you enjoy such activity. > ---- > >> P. >> > ---- > Craig > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- This message has been scanned for viruses and dangerous content by the Enhancion system Scanner and is believed to be clean. http://www.enhancion.net -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20060920/947e4daa/attachment-0004.html>