On Sun, Sep 23, 2007 at 02:56:44PM -0500, Manoj Srivastava wrote: > On Sun, 23 Sep 2007 16:06:11 +0900, Takehiko Abe <keke@gol.com> said: > > > Manoj Srivastava wrote: > >> That is not the case. All core libraries and packages have already > >> been patched and are functional in Etch. You did not even notice it, > >> because they are optional. > > > libselinux and libsepol are required and are not optional. > > And, while present, there is no change in behaviour unless > special action is taken to activate SELinux functionality. The > libraries are small; considering the sizes of libraries that large > segments of users do not use that are part of the base, I do not think > this is unreasonable space and memory utilization. > --8<---------------cut here---------------start------------->8--- > __> ll -h /lib/libse* > 100K -rw-r--r-- 1 root root 91K 2007-07-06 21:00 /lib/libselinux.so.1 > 172K -rw-r--r-- 1 root root 161K 2007-07-06 21:07 /lib/libsemanage.so.1 > 248K -rw-r--r-- 1 root root 240K 2007-07-06 21:01 /lib/libsepol.so.1 > --8<---------------cut here---------------end--------------->8--- > > > I bet that selinux is of no use for majority of us. I wish the patches > > to be left as seperate patches. Those who need selinux wouldn't > > object. A special destribution would be even better -- "Debian > > Enterprise". > > I think better security is useful for every one of us; but that > is not the question here. Debian is about giving the widest range of > options to our users; and while that means sometimes the distribution > carries changes that are only useful to a subset of the users, the > choices are still there for those that want them. > > We try or best to minimize the impact on people who do not want > to use optional functionality, and in this case, we have tried to make > the SELinux as non-intrusive as possible for people who are not using > it. > > I am planning on a special distribution when SELinux support > gets far enough along -- A Debian SELinux custom distribution; where > SELinux support shall be installable fully configured and in enforcing > mode. Hi Why not make a different section on the normal stable / testing / unstable streams. so non-free contrib and selinux place all the selinux patch stuff under there ? Alex > > manoj > -- > If you don't drink it, someone else will. > Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/> > 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > >
Attachment:
signature.asc
Description: Digital signature