On Fri, 21 Sep 2007, Alan Cox wrote:
so your suggesting we should make ourselves suffer for no reason just for
the hell of it? selinux offeres no, i repeat NO advantage over what our
normal security is now.
Nobody competent to assess that I know of would agree with that statement.
You cant know many people, or at least know many that run a myriad of
programs, paying customers get to run what they want, when they want.
I note you neglected to include and comment on the fact that if a box is
taken it *is* taken and theres not a thing selinux can do shit about it,
sure selinux might be all dandy for some cluless tart who has nfi about
securing their pc and is directly connected to the net, but to large
ISP's its a complete hinderance and nuisance, but since we have ceased use
of all RH products as servers as at EOL of RH9 (the last decent RH
released product) and moved them all to slackware, we dont have any
problem, tried earlier fedoras, but that was never going to last with so
little update maintenance time frames and instability and unreliability
(fair enough as RH have said its not designed for our uses), at least if
we install say sendmail or bind we have one package, not 3 or however
many its up to now, and we dont have it butchered and customised to suite
RH, since the move to Slackware on servers we have not looked back at all
and stability and reliability is excellent, ongoing updates in at least
equal to RHES time frames, in some cases exceeds 5 years, and to see the
the lack of maintenance required, one only has to look at the update repos
for slackware and fedora, granted slackware doesant come with as much as
fedora, nor does it come with gnome anymore, but compare the programs that
it has to fedoras and because of RH's butchering and patching to suite
their way of life (smells more like m$ every day) you can see the
difference.
--
Cheers
Res
