On Thu, Nov 04, 2004 at 01:02:35AM -0600, Manoj Srivastava wrote: > On Wed, 03 Nov 2004 21:15:38 -0500, Colin Walters <[EMAIL PROTECTED]> said: > > > On Wed, 2004-11-03 at 19:21 +0000, Dhruv Gami wrote: > >> Personally, i would prefer to have those two tarballs available. I > >> know most people using SELinux are familiar with patching the > >> kernel, and are generally familiar with how Linux works and know > >> their way around on a Linux system. > > > But moving forward, we don't want people to have to patch their > > kernel or utilities. > > Moving waaay forward. I asked the Debian kernel team to > consider compiling in SELinux (perhaps disabled by default, for > starters), and was told that that is not going to fly because of > "significant performance hit" one takes by compiling SELinux in. I > did not have any data to refute the claim, so that is where we sit. i had a bun-fight with the people who have taken over from herbert: at the point where i told them that recompiling applications to be optimised like yoper and gentoo distributions gives back performance far in excess of that lost by selinux, i stopped hearing back from them.
> While a laudable long term goal, the reality is that most > distributions do not ship these utilities today, and in the case of > Debian, progress, while it is happening, is slow enough that > pragmatism requires we consider the reality that SELinux shall _not_ > be the default in the near term. default: no. available as an additional package: why not? heck, personally i wouldn't even care if it was i386 or 686 only. l. -- -- you don't have to BE MAD | this space | my brother wanted to join mensa, to work, but IT HELPS | for rent | for an ego trip - and get kicked you feel better! I AM | can pay cash | out for a even bigger one. --