Drawing lessons from fatal SELinux bug #1054350

Kevin Kofler kevin.kofler at chello.at
Sat Jan 25 18:10:16 UTC 2014


Dominick Grift wrote:
> Sure, what I am saying is that this could have been prevented if the
> team just put a little more passion into it and also did some
> proofreading/coordination. The team knows what's going on. They know the
> issues and they can quickly and effortlessly identify issues like these
> if only they would take some time to watch each other's commits.

Looking at the history of the involved bugs, using manual pushes rather than 
the broken karma automatism and taking into account Bugzilla comments, not 
just Bodhi comments, would probably also have prevented this fiasco. One of 
the bugs (not the one that ended up becoming the canonical bug, but an 
earlier one) was reassigned to selinux-policy fairly quickly.

One of the major flaws in the Bodhi karma system is that it cannot possibly 
see what happens in Bugzilla.

> Nevertheless, I think this issue could have been prevented even before
> a package was spun.

Yes, by disabling SELinux by default. :-)

        Kevin Kofler


