
Re: Updated SELinux Release



On Fri, 05 Nov 2004 15:57:52 +0000, Luke Kenneth Casson Leighton wrote:
[...]
>  response 3: _is_ it the job of debian developers to dictate the minimum
>  acceptable security level?

It is the job of the kernel team to maintain the kernel.  That includes
ensuring the kernel runs correctly and quickly in the most common cases,
tailoring the kernel to the needs of our users, and allowing users to
simply drop in a kernel package and have it Just Work.  The same applies
to every other package in debian, really.  The minimum acceptable security
level falls under that, as well.  Most users are happy w/ the standard
unix permission system.  Demands for selinux are relatively new.


> 
>  basically what i mean is, in gentoo, it's a no-brainer: you set options
>  at the beginning of your build, come back [2 weeks? :) ] later and you
>  have a system with PAX stack smashing, lovely kernel, everything
>  hunky-dory.
> 
>  debian doesn't GIVE users that choice [remember the adamantix
>  bun-fight, anyone?] and instead settles for about the lowest possible
>  common denominator - no consideration to modern security AT ALL!
> 

Users always have the choice; that's what kernel-package is for.  Gentoo
requires you compile the kernel; you can do the same in debian to get
your pax/selinux/3rd party patches in your kernel.  Debian also provides
the option to simply download a kernel image, without having to bother
compiling anything.  The trade-off for doing that is that you won't get
your third party patches and unusual features.

I should probably mention that I find your claim about debian not taking
security into consideration quite insulting.  Don't expect people to bend
over backwards to accommodate your requests when you make such
inflammatory remarks.




