On 12/31/11 12:04 , Holger Levsen wrote:
Easy now... SELinux worked fine even in Lenny in targeted mode (except DHCP, but that was my own fault starting such changes before fully understanding them or reading the full docs). Unfortunately, running Debian with SELinux seems to be a niche among Debian developers, especially on the desktop, which most presumably develop and test their packages. As such, most packages are completely untested with SELinux or lack any sort of policy, unless Russell develops one (I think the responsability for developing a policy would better lie with each package maintainer - a single person cannot cover 16000+ packages in Debian), or if you have the time to fix your system writing your own policies. For a server, most things are probably covered; for a desktop, much less.On Freitag, 30. Dezember 2011, Russell Coker wrote:I can't imagine what the benefit would be in using "official" packages that I created and uploaded to Debian over using "unofficial" packages that I created and couldn't get in a Squeeze updateFrankly, your lack of imagination is pretty sad. The difference is that people cannot use squeeze properly without relying on some external repository.
If you need mature, well-debugged SELinux support covering pretty much everything, and you can live with having 5-6 "unofficial" repositories that are sometimes causing conflicts, and, even so, significantly less software than Debian has, and you don't need to upgrade "in-place" between releasea a la apt-get, a distro from the RHEL family might be a better choice. They even constrain what Totem, Firefox or Evolution may do.