
Re: Override changes standard -> optional

Russell Coker wrote:
> On Wednesday 31 December 2008 11:32, Frans Pop wrote:
>> Russell Coker wrote:
>> I just did a standard i386 install using the instructions on the wiki
>> [1] (which BTW look to be rather outdated in several respects).
> They were, I have just made some significant changes.

Thanks a lot for that. BTW, wouldn't it make sense to have separate wiki 
pages with setup info per release? The instructions for Etch probably are 
still valid.

> While SE Linux is disabled by default there is little benefit in having
> the packages pre-installed.

I'm glad we agree on that.

My personal opinion is that having selinux at priority standard is not the 
correct choice for Debian. It's good that we've tried it, but it's also 
good that we've now reverted it.

I'll be happy to work with you on designing some alternative way to 
(optionally) install *and* activate SELinux during new installations. 
Main restriction there will be that policy forbids us to modify config 
files of other packages, so any activation of SELinux in packages such as 
the changes in PAM config files will need to be supported by the relevant 
packages, probably through debconf settings.

From the few tests I've done SELinux has matured a lot and the Debian 
packaging has improved tremendously, mainly through your efforts. There 
are a lot fewer issues after activation than there were for Etch. I hope 
that trend will continue, but especially that users will be able to get 
more support.

However, I also don't yet see SELinux becoming a standard service on all 
Debian systems. It's just too complex a framework for that.

Cheers and happy new year,
