bits about SE Linux
Brian May has taken over woody back-ports of SE Linux code, this is good as I
can concentrate on Sarge now.
Brian has an apt repository for SE Linux packages on woody:
deb http://www.microcomaustralia.com.au/debian/ stable selinux
My repository for SE Linux packages on unstable is:
deb http://www.coker.com.au/selinux/ ./
The reason I have a separate repository is that I am producing SE patched
versions of dpkg, login, cron, ssh, logrotate, and coreutils which I can't
upload to unstable. The main packages selinux, selinux-policy, and
kernel-patch-2.?-lsm are in unstable.
I'll probably be personally running 5 SE Linux server machines in live
production environments in 4 sites in two countries by the end of the week.
The tutorial at Linux Kongress didn't go as well as I had hoped, but the
audience seemed reasonably happy anyway. At that session I found a number of
bugs which are now fixed (including one security bug), so the testing did a
lot of good. I am thinking about where to hold the next tutorial or training
session on SE Debian. I wonder if there's demand for commercial training
For those of you who were silly enough to believe the FUD, one of the NSA
employees on the SE Linux project worked until after 11PM last night
(according to date stamps and time zone info in his email headers) merging
some policy patches from me and other people into his CVS tree. If the NSA
was going to drop support for SE Linux then I'm sure he'd have found
something more exciting to do on a Friday night than merge patches into
There is no point PGP/GPG signing an email unless the signature can be
verified. If you post to a list then don't sign the message unless your
key is available on public key servers and has been signed by someone
who is in the web of trust, otherwise you just waste bandwidth and CPU.