Warren Young wrote:
> On 12/9/2010 1:54 AM, David Sommerseth wrote:
>>
>> For the vast majority of issues with SELinux, it is possible to overcome
>> them using the provided tools.
>
> Of course, but I think you're mistaking "possible" for "practical".
> Everyone has different incentives and constraints.
>
> Allow me to build an analogy with GUI program design. The tools provided
> with the OS are sufficient for any program to be beautifully designed.
> We have powerful graphics editors, solid GUI libraries, mature GUI
> builders, and unprecedentedly powerful means for finding and attracting
> design talent. Yet, most Linux GUI programs are not as nicely designed
> as the best counterparts on Windows and OS X.
>
> Why?

Well, because what most people see, or buy, is WinDoze, so that's where the money is.

>
> On Windows and OS X, the incentives are different. More software costs
> money, and among the ways to convince people to pay money for software
> when there are free alternatives, one way is to make the software more
> beautiful, and another is to make it easier to use.

Also, Apple dictates style; to a lesser degree, so does M$. There's no dictated style guide for Linux.

>
> Now let's apply that same thinking to SELinux.
>
> First, not all open source projects have the proper incentives to
> support SELinux. One reason might be that the project started on one of
<snip>
> Then you have the packagers. Those packages not made by people trying
<snip>
> Next there are those who just wish to install and use the software.
> They may not wish to dig into the package to fix SELinux problems any
> more than you see Joe Shellprompt fixing any of the many other
> common problems you find constantly kicked back upstream through
> complaints in bug trackers and on mailing lists.

Here's the big one. I've got enough to do without adding selinux on top of the mix. As I said, on almost all our boxen, it's disabled.
<snip>

mark