Policy Testing Procedures

[Chris Bookholt]

Greetings to all,

My systems were also adversely affected (no login, etc.) by the most 
recent policy upgrade that came from the official updates-released yum 
repository.

What, if any, are the fedora testing procedures for SELinux policy?  I 
know developers make mistakes, but I thought that's what the development 
repos were for.

I don't intend to flame, but rather to express the need for testing to 
address the recent flood of policy problems in packages coming from what 
are supposed to be reasonably stable repos.

Since I don't see a lack of reliability in other packages coming from 
updates-released, it makes me think that the typical 
development->test->release cycle does not apply to SELinux policy 
packages.  If this is the case, why?  If not, what other reason is there 
for the lack of comparable quality?

Clearly you, the fedora SELinux policy developers, are trying hard to 
avoid scaring users away by incrementally tightening the policies. 
However, each time a broken policy is released as stable, you lose the 
trust you so patiently built.

So, my message is this:

Please test.  If you already test, please test more.  Thanks for your 
hard work and brilliant ideas; I'm a big fan of adding MAC into 
mainstream distros.

Best Regards,
Chris
-- 
Christopher G. Bookholt, RHCE
cgbookho at ncsu.edu