Arthur Pemberton wrote:
On 10/18/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
The place it can hurt is if it causes enough problems that some number
of users don't upgrade to the versions that use it or don't do
timely updates because they have a history of introducing new problems.
This drops your first and best line of defense.
Les, please... this is a public list. Do not spread FUD... there is no
history of SELinux updates causing problems.
I'm speaking of fedora updates in general - and over a reasonable period
of time to call 'history'. If you look back to FC2 and FC3, you'll
certainly see a lot of complaints about SELinux updates breaking things.
I have personally had multiple instances of devices that were not
supported in new versions, devices that changed names, breaking the
configurations, updates that installed kernels that would not boot
previously working systems, and the list is full of similar problems in
addition to the ones mentioning SELinux.
In a corporate environment it's obviously very different. Using
different means of access control, using other layers of security such
as SELinux, implementing physical security measures, are all things
that need to be done, and properly.
If you are introducing Linux as something new you can do that.
Otherwise you have to be very careful not to break existing programs and
infrastructure with changes and updates.
I don't see why there should be a requirement of being new.
When you install a new system you get time to test it and nothing to
lose if it breaks. But assume your payroll system is running on
something that fails to boot or can't access its data after you do an
update that is required for some security issue. Now what? Or worse,
this could be some on-line, customer visible system that is the core of
your business.
If you want a distribution to be more secure in actual use, you have to
make it painless to update and never break anything that previously
worked - otherwise some number of people just won't do it.
You do realise that there are different distros, and each has their
niche. Fedora's niche is being fast paced, some would argue not fast
enough.
Perhaps, but if you want to deliver a product that does not have a
usable way to fix subsequently discovered security flaws after a short
time then it should have an actual expiration date and self-destruct
instead of being left as easy prey for exploits that turn them into
zombie spam relays or worse. I, and probably most of the list members
here, understand the experimental nature of fedora and that it simply is
not suitable for anything that needs to be reliable over long periods of
time. However, I don't think everyone who has installed fedora
understands that or the dangers of continuing to run any software beyond
the time it is supported with security updates. And I am inclined to
believe the claims like this:
http://computerworld.co.nz/news.nsf/scrt/CD0B9D97EE6FE411CC25736A000E4723
saying that there are large numbers of rootkitted linux boxes around
being used for evil purposes that their owners don't even notice. It
makes sense just because of the difficulty of keeping the installation
up to date over the life of a machine. Fedora isn't the only distro in
this shape but it is probably one of the most popular with one of the
most difficult upgrade paths. I wouldn't be surprised if there are
still large numbers of FC1 through FC5 installations in use because the
currently supported versions don't ensure (or even suggest) backwards
compatibility, in place upgrades, or even a convenient way to back out
to your previous version if you try an upgrade and find that it doesn't
work with your hardware or applications.
--
Les Mikesell
lesmikesell@xxxxxxxxx