Re: Updated SELinux Release
On Fri, 2004-11-05 at 15:57 +0000, Luke Kenneth Casson Leighton wrote:
> response 3: _is_ it the job of debian developers to dictate the minimum
> acceptable security level?
It is absolutely Debian's job to provide a baseline level of security by
default. Debian doesn't let you install a system by default without a
root password, or install a mail server that relays mail from any IP
address, etc. You're encouraged to create a regular user account for
logins (IIRC). Likewise, I think it should be part of the standard
Linux security practice to have SELinux enabled by default. With the
targeted policy and all the flexibility it offers (e.g. just turn off
protection for Apache, keep protection for named/portmap/syslog etc on),
there's very little reason not to ship it on.