Re: [RFC] Changing priority of selinux back to optional
On Wed, 06 Feb 2008 00:49:01 +0100, Erich Schubert <email@example.com> said:
> Hello Frans, Hello fellow DDs, Yes, the SELinux stuff doesn't seem to
> have any currently active developers. I haven't heard anything from
> Manoj in months.
I haven't been around a whole lot, no.
> Anyway, back to the original topic:
> 1. I agree that SELinux currently is not in shape for a release. The
I don't think Lenny is in shape for a release either. It took
me about a day to get most SELinux packages back up to date -- which
means we could have them updated anytmime in the last few months, if
any one had the time or motivsation.
I ought to be back, now that we have survived the end of the
year dog and pony show at work.
> packages are seriously outdated, there have been some major changes in
> upstream. In particular, the 'targeted' and 'strict' policies have
> been merged and only differ by having a 'targeted' module
> installed. AFAIK.
That is the case in the policy we have currently in Sid as well.
> 2. At least libselinux is linked by many of the core packages, and the
> package REALLY should be updated nevertheless. However that might
> require also updating most of the other packages; I'm not sure about
> API compability.
You update most libraries in sync, and most of the utility
packages. Done today.
> 3. In my experience, none of the SELinux librarys or applications were
> particularly hard to package/maintain. All the hard work is in
> fine-tuning the policy to support all the Debian-specific stuff.
> Especially when you need the cooperation of other maintainers, such as
> initscripts: http://bugs.debian.org/390067 cron:
> http://bugs.debian.org/333837 liblzo1:
> http://bugs.debian.org/336138All of which have been open in the
> range of 1.5-2.5 years.
Well. Currently, I think the new setools, polgen, and slat
packages _are_ hard. The refpolicy is not easy either, and not because
of packaging, but because of the testing that needs to be done with any
> So maybe it would be better to actually get some people involved in
> SELinux again.
That would indeed be nice.
"Intelligence without character is a dangerous thing." Steinem
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C