Russell Coker wrote: > On Wednesday 31 December 2008 11:32, Frans Pop wrote: >> Russell Coker wrote: >> I just did a standard i386 install using the instructions on the wiki >>  (which BTW look to be rather outdated in several respects). > > They were, I have just made some significant changes. Thanks a lot for that. BTW, wouldn't it make sense to have separate wiki pages with setup info per release? The instructions for Etch probably are still valid. > While SE Linux is disabled by default there is little benefit in having > the packages pre-installed. I'm glad we agree on that. My personal opinion is that having selinux at priority standard is not the correct choice for Debian. It's good that we've tried it, but it's also good that we've now reverted it. I'll be happy to work with you on designing some alternative way to (optionally) install *and* activate SELinux during new installations. Main restriction there will be that policy forbids us to modify config files of other packages, so any activation of SELinux in packages such as the changes in PAM config files will need to be supported by the relevant packages, probably through debconf settings. From the few tests I've done SELinux has matured a lot and the Debian packaging has improved tremendously, mainly through your efforts. There are a lot less issues after activation then there were for Etch. I hope that trend will continue, but especially that users will be able to get more support. However, I also don't yet see SELinux becoming a standard service on all Debian systems. It's just too complex a framework for that. Cheers and happy new year, FJP
Description: This is a digitally signed message part.