SELinux removed from desktop cd spin?

Thu Jan 17 07:34:29 UTC 2008

Andrew Farris wrote:
> Douglas McClendon wrote:
>> Andrew Farris wrote:
>>> Oh I followed your intention, I just disagree with whether that 
>>> parallel is a fair or even logical one to make about whether selinux 
>>> is *in* the official spins as opposed to *forcing* people to enable 
>>> it, which is the difference between effecting your choice or not.
>>
>> No, please reread what I said.
>>
>> It was never about the choice to force people to enable it.
>>
>> It was about the decision to mandate that *every* official fedora spin 
>> had it enabled by default.
>>
>> I contend that that there is room for enough official spins, such that 
>>  >0 will have selinux not enabled by default.
>>
>> The target of the rant was advocating that exactly 0 official fedora 
>> spins have selinux not enabled be default.
> 
> The OP you replied to (jonez) did not mention enabling selinux, only 
> having it.  This may be a minor semantic difference, 

Yes, I agree that that minor semantic difference was not addressed in my 
rant or reply to your reply.

But it doesn't really change the point I was trying to make, because I 
see this-

selinux has benefits, and costs in disk space and performance, and 
usability.

My logic is that because of this, I vehenemently disagree with the 
proposition that fedora have a policy of installing it by default 
(regardless of default enable/disable) on *every* official spin.

It is clear, that the target of my rant was advocating *at least* that 
proposition (and perhaps the further that it be enabled by default).

but I see no reason
> why the distribution should produce official spins without selinux 
> *available*... 

neither do I.

I agree there is plenty of room for a spin in which it is
> not enabled by default (but I would not agree the main desktop spin is 
> one of them)

neither would I (being charitable and taking the word that the rate of 
user annoyances will continue decreasing, and more desktop user benefits 
will be added)

.  As you've already mentioned if its that important for
> someone to build a custom spin with no selinux bits on it at all, thats 
> not exactly hard for them to do.  But is there honestly a need for 
> Fedora to host and build it? IMO No.

Is there honestly a need for fedora to position policy to preclude such 
an event, should interest in such a project build?

Again, the non-political aspect of this debate is basically one which 
I've sadly always been easily drawn into.  I'm a 'never say never' kind 
of person.  I think there may even be some mathematical 'black swan' 
philosophy related to it.

I.e. just because you might not see a big need for a particular subset 
of the possible spins of fedora, does not mean that you should advocate 
that such spins not be permitted, or be precluded by policy.  Or so my 
opinion goes.

But really, that is a bunch of long winded technical justification for 
the fact that I presented a rant against current public policies that 
seem willing to sacrifice what I considered valuable ideals and culture, 
for the sake of national security.

I guess I should just wake up and smell the post-9/11 world and get used 
to it, and not use every chance I find to speak up against what I 
perceive as a world where the US constitution is being metaphorically 
shat on.

Que Sera Sera...

-dmc