On Mon, 2006-04-03 at 01:04 +0930, Tim wrote: > On Sun, 2006-04-02 at 08:04 -0700, Craig White wrote: > > More to the issue however, Linux is both a production and a > > participatory system where it is expected that a 'user' minimally > > participate in providing feedback so the product is improved and your > > suggestions above suggest that your decision to turn it off is formed > > by an arrogance that has others participating while you opt out. > > Not everyone has the ability to debug every single thing that's wrong > with Fedora. There comes a time when you look at what's more of a > problem to deal with, fixing the problem, stopping using something you > can't get to work, or stopping using something that's stopping you from > doing what you want to do. > > I've had to give up fighting with SELinux on one machine, it just gets > in the way in far too many places, and is a completely user-unfriendly > system. You've got extremely obscurely named contexts to set, and > they've all got to be done through the command line with woeful > documentation. I've yet to see a GUI tool where you can list a > directory, or look at a file, and see that the file is web servable, or > whatever, or make one so that's not. And the logging is bloody awful. > > The targeted approach goes some way towards making it a bit manageable > (only applying SELinux to some predetermined things). Though, that > approach, of course, leaves holes where you might be got at. A little > security isn't much better than a lot of insecurity. > > The feedback you're seeing from him, and some others, is that its > current implementation is awful. It's got to be usable in more senses > than one. ---- I see your point - that there are levels of system administrators...those that invest the time and energy into obtaining the knowledge necessary to maintain their systems and those that rely on point and click tools and where lacking the point and click tools and the knowledge, opt out for expedience. I agree that many opt out for expedience...too bad. Something inside tells me that many of these people chide Windows systems for a lack of security but I digress. I guess if it is my own personal system, that is one thing. If it is a box that I maintain for a client or my employer, then I wouldn't want to tell them that I disabled a security system because I lacked the knowledge to maintain it...but hey, that's me. In fact, I appreciate the fact that I can hone my skill sets for the systems that I maintain for others right here on my own personal systems. Craig
