SELinux removed from desktop cd spin?

Vladimir N Kosovac vlada at fedora.org.nz
Thu Jan 17 07:46:17 UTC 2008 

On Thu, 2008-01-17 at 08:19 +0100, Valent Turkovic wrote:
> Jeff Spaleta wrote:
> > On Jan 16, 2008 12:35 PM, Valent Turkovic <valent.turkovic at gmail.com> wrote:
> >> What is your target audience with SELinux?
> > 
> > Everyone who runs a computer that takes input from an external source,
> > whether that be floppies, or a network connection, or a bluetooth
> > keyboard.  Security matters... it doesn't matter if you are a desktop
> > user or not... security matters.  If we are doing a good enough job at
> > policy writing and management then we fix the policies.
> 
> Will fedora include virus scanners? If not why?
> 
yum search clamav

I think you need to go a step (or two) back and re-read what people are
saying about the reasoning behind SElinux enforcing by default.

It is a good thing and a positive shift in the right direction. It does
not cause many problems anymore but if, in some cases, it does,
everybody is free to turn it off if not willing to help developers to
make it better by filing a bug. You can disable it, as you know, at
install time as well.

Comparing Fedora to other distributions is meaningless. Every distro has
its own reasons to package stuff as they do. Fedora is not in a business
of competing with them. While still providing pretty awesome computing
experience, it's purpose is mostly introduction and advancement of cool,
new stuff. The future, you know.

Vladimir


> > You really need to go back and read every single blog post from Dan
> > Walsh concerning the new xguest policy he is working on.  He's got
> > very clear and very real desktop usage cases in mind for it.  Turning
> > selinux off wholesale on a desktop spin just because its not optimal
> > yet, is short-sighted.
> 
> When it becomes usable for general use, by all means, enable it by 
> default. There is no real threat to linux desktop users from any source 
> and there has been zero viruses or explioits that had any significant 
> impact on any linux desktop. I don't see that changing in next 5 years 
> so why force desktop users now to have this rough edged products bother 
> them all the time?
> 
> Valent
>

More information about the devel mailing list