On Friday 31 December 2004 09:43, Mike Hearn <mike(a)navi.cx> wrote:
It also doesn't help that Fedora have patched upstream SElinux
extensively
in the process of actually making it usable, for instance they've made a
lot of stuff more automatic. I believe these patches are being folded back
in upstream, but the problem with doing it "upside down" like this is
that the official docs which most people find first do not correspond to
an actual FC3 installation, which is what most people are actually playing
with SELinux on.
I do not know why these patches weren't developed upstream then pulled
down as they became ready. I guess there are good reasons.
The patches are developed by the people who have the time and skills
necessary. Some of those people are Red Hat employees (including me). Code
that is developed by Red Hat employees generally goes into Red Hat first
before going upstream.
But that isn't the reason that the documentation lags behind development. The
reason is that a lot of work is being done on developing the code and policy,
but little time is available for documentation. I think that things are
improving in this regard, but there is a lot of documentation work to be
done.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page