Re: [RFC] Changing priority of selinux back to optional

To: debian-devel@lists.debian.org
Subject: Re: [RFC] Changing priority of selinux back to optional
From: Manoj Srivastava <srivasta@debian.org>
Date: Wed, 06 Feb 2008 23:43:54 -0600
Message-id: <[🔎] 87ejbpxqw5.fsf@anzu.internal.golden-gryphon.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1202255342.2873.119.camel@hepcat.vitavonni.de> (Erich Schubert's message of "Wed, 06 Feb 2008 00:49:01 +0100")
References: <[🔎] 200802052319.29457.elendil@planet.nl> <[🔎] 1202255342.2873.119.camel@hepcat.vitavonni.de>

On Wed, 06 Feb 2008 00:49:01 +0100, Erich Schubert <erich@debian.org> said: 

> Hello Frans, Hello fellow DDs, Yes, the SELinux stuff doesn't seem to
> have any currently active developers. I haven't heard anything from
> Manoj in months.  

        I haven't been around a whole lot, no.

> Anyway, back to the original topic:
> 1. I agree that SELinux currently is not in shape for a release. The

        I don't think Lenny is in shape for a release either.  It took
 me about a day to get most SELinux packages back up to date --  which
 means we could have them updated anytmime in the last few months, if
 any one had the time or motivsation.

        I ought to be back, now that we have survived the end of the
 year dog and pony show at work.

> packages are seriously outdated, there have been some major changes in
> upstream. In particular, the 'targeted' and 'strict' policies have
> been merged and only differ by having a 'targeted' module
> installed. AFAIK.

        That is the case in the policy we have currently in Sid as well.



> 2. At least libselinux is linked by many of the core packages, and the
> package REALLY should be updated nevertheless. However that might
> require also updating most of the other packages; I'm not sure about
> API compability.

        You update most libraries in sync, and most of the utility
 packages.  Done today.

> 3. In my experience, none of the SELinux librarys or applications were
> particularly hard to package/maintain. All the hard work is in
> fine-tuning the policy to support all the Debian-specific stuff.
> Especially when you need the cooperation of other maintainers, such as
>   initscripts: http://bugs.debian.org/390067 cron:
>   http://bugs.debian.org/333837 liblzo1:
>   http://bugs.debian.org/336138All of which have been open in the
>   range of 1.5-2.5 years.


        Well.  Currently, I think the new setools, polgen, and slat
 packages _are_ hard. The refpolicy is not easy either, and not because
 of packaging, but because of the testing that needs to be done with any
 change.

> So maybe it would be better to actually get some people involved in
> SELinux again.

        That would indeed be nice.


        manoj
-- 
"Intelligence without character is a dangerous thing." Steinem
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: [RFC] Changing priority of selinux back to optional
  - From: Václav Ovsík <vaclav.ovsik@i.cz>

References:
- [RFC] Changing priority of selinux back to optional
  - From: Frans Pop <elendil@planet.nl>
- Re: [RFC] Changing priority of selinux back to optional
  - From: Erich Schubert <erich@debian.org>

Prev by Date: Re: [RFC] Changing priority of selinux back to optional
Next by Date: Re: Copyright question (BSD with advertisement clause)
Previous by thread: Re: [RFC] Changing priority of selinux back to optional
Next by thread: Re: [RFC] Changing priority of selinux back to optional
Index(es):
- Date
- Thread