
Re: [RFC] Changing priority of selinux back to optional

On Wed, 06 Feb 2008 00:49:01 +0100, Erich Schubert <erich@debian.org> said: 

> Hello Frans, Hello fellow DDs, Yes, the SELinux stuff doesn't seem to
> have any currently active developers. I haven't heard anything from
> Manoj in months.  

        I haven't been around a whole lot, no.

> Anyway, back to the original topic:
> 1. I agree that SELinux currently is not in shape for a release. The

        I don't think Lenny is in shape for a release either.  It took
 me about a day to get most SELinux packages back up to date --  which
 means we could have them updated anytime in the last few months, if
 anyone had the time or motivation.

        I ought to be back, now that we have survived the end of the
 year dog and pony show at work.

> packages are seriously outdated, there have been some major changes in
> upstream. In particular, the 'targeted' and 'strict' policies have
> been merged and only differ by having a 'targeted' module
> installed. AFAIK.

        That is the case in the policy we have currently in Sid as well.

> 2. At least libselinux is linked by many of the core packages, and the
> package REALLY should be updated nevertheless. However that might
> require also updating most of the other packages; I'm not sure about
> API compatibility.

        You update most libraries in sync, and most of the utility
 packages.  Done today.

> 3. In my experience, none of the SELinux libraries or applications were
> particularly hard to package/maintain. All the hard work is in
> fine-tuning the policy to support all the Debian-specific stuff.
> Especially when you need the cooperation of other maintainers, such as
>   initscripts: http://bugs.debian.org/390067
>   cron: http://bugs.debian.org/333837
>   liblzo1: http://bugs.debian.org/336138
> All of which have been open in the range of 1.5-2.5 years.

        Well.  Currently, I think the new setools, polgen, and slat
 packages _are_ hard. The refpolicy is not easy either, and not because
 of packaging, but because of the testing that needs to be done with any

> So maybe it would be better to actually get some people involved in
> SELinux again.

        That would indeed be nice.

"Intelligence without character is a dangerous thing." Steinem
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
