On Saturday 11 October 2008 16:19, Tom Horsley wrote:
> On Thu, 9 Oct 2008 12:02:52 +0000
>
> Marko Vojinovic <vvmarko@xxxxxxxxxxx> wrote:
> > In general, you want a system with active selinux as much as a system
> > with file permissions. Security.
>
> Wrong Moose Breath! :-).
>
> In general, I want a system where it is possible to get things done,
> and all of the security types in the universe believe that just one more
> little obstacle won't hurt anything because, after all, it is to improve
> security.
>
> Collect together enough security features and you might as well try to
> use a cement block as a computer (which, after all, would be very secure,
> but still it might be physically breached, so we'll probably need
> to spend several more years making sure that cement blocks are all
> locked down with steel cables and enclosed in 10 ton vaults to protect
> their physical security).

I can't agree with what Marko said. I'd hate to see the time when Selinux was installed in enforcing mode, and impossible to disable it.

I have left Selinux in enforcing mode on F8, and F9, and had only one problem, where I wasn't able to FTP into F8, and F9, from another machine. Setroubleshoot provided a fix for that, and I've had no problems since that. If I did have constant problems with Selinux, I'd have no hesitation in either disabling it, or at least trying it in permissive mode first.

I'm only a home user, but am not saying that I'm not concerned about security. How much security is enough? I've often read that security is a bit of a compromise. Too much security, and the machine is virtually unusable, which sort of defeats the object of having a computer in the first place, if you can't do anything with it. Too little security (perhaps particularly with Windows machines), and your machine can be compromised, courtesy of all those miscreants out there.

I agree that it's annoying when trying to remove, for example Selinux, that it wants to remove half the OS as deps.
You can simply disable Selinux, but that doesn't stop an app that you no longer want, being updated. I disabled Pulseaudio by removing the alsa-plugins-pulseaudio package, but all the other pulseaudio stuff is still updated, and if nothing else, is wasting bandwidth, and the time it takes on my dialup connection.

Totally removing all the pulseaudio stuff has similar problems to your Selinux removal. One Pulseaudio package wants to remove many other packages (not specifically Pulseaudio related), and I know of one person that did this (no longer on the list, but now on the Ubuntu list), and totally screwed up the sound.

On FC2 I removed Totem (the gstreamer version), and it also removed Rhythmbox as a dep. Then I reinstalled Rhythmbox, which didn't want Totem as a dep. Totem is dependent on Rhythmbox, but Rhythmbox is not dependent on Totem, at least that's the way it appears. Puzzling!

Personally, if you can just disable stuff, I'd go with that, and just put up with the needless updates for apps that you no longer use, or want.

25¢ worth of personal observations.

Nigel.