On 9/21/07, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: > Ralf Corsepius wrote: > > > > > If SELinux was transparently working (Which it doesn't on Fedora on many > > situations), nobody would name it "infection". > > Pretty much every security solution has had a history of such problems. > I remember back in the days when a firewall used to get very similar > complaints and everyone was suggesting just to turn it off instead > SELinux is a fundamental security paradigm change. It has taken a lot of > effort to get where we are now. Quite true. > > => This is users complaining about SELinux's usability, based on their > > personal experiences with the Fedora implementation. > > Atleast on Mike McCarty's case he has no personal experience with it. > Users have mixed opinions as always. I have plenty of personal experience with SELinux in both Fedora and CentOS, and I have been using it since FC2, ie. before setroubleshoot. It was a good tool then, now, I do not deploy and internet facing machine without it. > > If SELinux was such an "terrific and compelling approach", upstream > > Linux and other distros would have adopted it _years ago_ with standing > > ovations - Fact is: Nobody did. > > => This is developers and maintainers having doubts on SELinux. > > Sure. Technology changes like this take time. Lilo vs GRUB. Static dev > vs udev as other relatively fundamental changes have also taken time for > distributions to adopt. > > SELinux is indeed upstream and a number of distributions have varying > levels of support for it. Both the technology as well as adoption have > only been increasing over time. > > Rahul That aside, popularity shouldn't be a metric when gauging the usefulness of a piece of software. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com )