Re: [RFC] Changing priority of selinux back to optional

[Manoj Srivastava <srivasta@debian.org>]

On Thu, 7 Feb 2008 07:02:40 +0100, Christian Perrier <bubulle@debian.org> said: 

> I slightly disagree. Not that I have doubts about your commitment, but
> this entire discussion showed that SELinux is, right now, not ready
> for being included in default installs. As D-I is preparing a beta
> release, it could be better to downgrade selinux stuff to optional
> before that release.

        Could we have some concrete guidelines about what needs to be in
 place before SELinux could be considered "ready" ?


> It can still be reactivated later in case the progress you bring
> proves to be enough for this.

> Possible alternative: create a tasksel's task to include it, which
> would make testing of installs with SELinux by default easier. Being
> something not really end user-oriented, that would have to be a
> "hidden" task (not shown as a choice by tasksel) that one could choose
> with the appropriate D-I boot option.

        Secondly, what are we considering removing from standard? I
 would be OK with removing the targeted policy from standard; which
 seems to be the largest package out there which is in standard.

        libselinux1 (165KB installed) and libsepol1 (320KB installed)
 seem to be the only required packages; the rest are things we can
 discuss.

        Additionally, in recent libselinux releases, work has been put
 in to slim down the library, and reduce the burden on low space
 installations.

        manoj
-- 
"Freedom is just Chaos, with better lighting."-Alan Dean Foster "To the
Vanishing Point"
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C