Security release criterion proposal
Rahul Sundaram
metherid at gmail.com
Wed May 18 16:57:07 UTC 2011
On 05/18/2011 09:58 PM, "Jóhann B. Guðmundsson" wrote:
> On 05/18/2011 03:57 PM, Adam Williamson wrote:
>> Feedback please! Thanks:)
> Given that we ship selinux on by default should this proposal only be
> applicable to exploits/vulnerability that selinux cant catch and prevent
> which leaves us with <insert type of exploits here )?
No. SELInux (or firewall) is not a first line of defense. These get
turned off by some users and we need to be sure we aren't relying on
them solely. If there are important security issues, they should be
fixed before release regardless of whether SELinux would mitigate them
or not
Rahul
More information about the devel
mailing list