On 04/09/2012 08:22 PM, Daniel J Walsh wrote:
On 04/09/2012 02:15 PM, Miloslav Trmač wrote:
On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh<dwa...@redhat.com> wrote:
One suggestion I have heard is to turn the feature off if someone install
gdb like we do with DrKonji, which might be a better solution then
disabling by default.
It would be very surprising if merely installing a package changed the
security configuration that is not directly related to the files installed
by the package. Mirek
Right, although this is about compromise. I want the feature for as many
users as possible.
We know, believe me...
Do you want to know what *users* want?
If I have it on, I will hit 90% of the installed SELinux
Base. If I turn it off by default I will hit< 1 % of the installed SELinux
Base. If I compromise I can get 50 % of the installed base to use it.
Poor installed base....
People do not tend to change the defaults when it comes to security other then
loosening it.
People also tend to remove handcuffs at every opportunity they get.
I wonder why.
--
vda
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
