[Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
https://en.wikipedia.org/wiki/Security-Enhanced_Linux Wow. I'm just SHOCKED! Why was it released under GPL and no one has stopped them from re-licensing it?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
And why is it on Trisquel? http://packages.trisquel.info/uk/taranis/libselinux1 GOSH!
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Wikipedia it's a Linux kernel security module, not a kernel. And what do you mean by "no one has stopped them from re-licensing it?"? What relicensing?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Well, I mean. If it has been provided by the NSA, and it licensed under GPL... it should have been changed a while ago. Is there anyway to disable or change it? I know, it's free software, nonetheless, I'm not a programmer, so I cannot look into the source code myself and check if there is any backdoor. (I don't intend being paranoid) I just want to avoid it, you know... :(
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
"If it has been provided by the NSA, and it licensed under GPL... it should have been changed a while ago." What do you mean by that?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
I get why you're worry with just seeing "NSA", but I can't understand what's the concern with the GPL license. Nice desktop by the way.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
It's by the NSA but it's free software and I expect kernel developers and/or the FSF to have checked if it's dangerous. In all fairness we can'tbe 100% sure, but
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Please consider that when Unity started doing something malicious (automatically sending search queries to Canonical's servers), it was very quickly discovered. I don't think anyone's made a fixed fork of Unity, but that's more because of a lack of interest in Unity than anything (the only party particularly interested in Unity is its developer, Canonical). SELinux is old. I was in Kindergarten at the time. If it was malicious, it would have been discovered long ago. Malicious features simply do not thrive in libre software.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Trust me- you're not the first to have ever been concerned about SELinux. People have had a look at it before, and there really is nothing to worry about. If there was (since it's GPL) there would have been an uproar, and it would have been modified or rejected by the GNU/Linux community. Sure, it comes from the NSA. But it's also under the GPL. There is nothing to fear.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Well, I meant that if it had a malicious feature, it shouldn't have been licensed under GPL. Nonetheless, by reading other comments I'm more relieved to the fact that no one has found anything about it... but we should be aware...
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Oh, if the NSA had added any malicious feature that we are not aware of, it must have been licensed differently. Well, at least because it's licensed under GPL the programmers can look into the source code.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Guys from Ubuntu and Debian, yes (and if, IF you don't trust any of those guys then why trust the rest of Trisquel's repos?).
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Just to be sure, before it gets to my repos, was there someone reviewing it before adding it to the repositories?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Has it been fixed? Or do they continue doing that?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Yeah, I've been doing a little research, and it seems that everybody is saying: "It's licensed under GPL, we should be safe" and "You can look into the source code" But so far, nobody was reviewing it... I think we're not being so cautious...
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Indeed. But what's even more alarming, is the presence of (gasp) Emacs! Let's put on our tinfoil hats guys- who reviewed that before it got put in the repos? Or- gosh- KDE? or linux-firmware? or GNOME? or libreoffice? or nano? Or (I tremble at the name) sl! Perhaps behind its seemingly innocent ASCII art facade, there lies a vile plot to destroy our entire planet, daresay our entire universe! Didn't see that one coming, did'ya? -- SELinux is old. It is under the GPL. It's not that big. It has been examined. It is OK. Stop worrying. And would you please stop ending every post with that annoying ominous ellipsis of yours?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
They're still at it. https://fixubuntu.com/
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
As far as I know, the GPL doesn't say anything about malicious features inside the software. Richard Stallman say that malicious features, killing people with software, etc.. Don't have be regulated by licenses as copyright isn't for that, the rest of the law is for that.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
This is indeed very interesting: https://micahflee.com/2013/11/canonical-shouldnt-abuse-trademark-law-to-silence-critics-of-its-privacy-decisions/
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
The difference is that the guys from Debian and Ubuntu (mainly) are not as concerned as the guys from Trisquel are...
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Someone said Unnunntu Kylin? http://www.ubuntu.com/download/ubuntu-kylin An OS made for Chinese people and very welcomed by one of the greatest dictatorships of the entire stupid World.. I wouldn't trust Ubunnuntu on anything. But then again, I am paranoid and that is just my thought..
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Compared to which American spying doesn't really pale, so..
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Yeah but one can say that about everything, from SysVinit to IceCat to GNU Emacs to Vim to Linux-libre to GNU Hurd to Drupal to MS Office to iWork to OpenOffice.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
SELinux and RedHats connections to the US gov./spy agencies is the main reason why SUSE/openSUSE created AppArmor, (Immunix actually). You also have Tomoyo as another alternative and grsec-kernel if you really want security.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
funny, for what part?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
I beg your pardon, what do you mean by "ominous ellipsis"? Did I say something offensive or disgusting? (I never intended that, if so, my apologies...)
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
An ellipsis is three dots: "..." (or, more correctly, ". . .", but pretty much no one does that).
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
You used a few ellipses (...), which are commonly pretty ominous. "The difference is that the guys from Debian and Ubuntu (mainly) are not as concerned as the guys from Trisquel are regarding privacy." The Debian project as a whole is pretty big on privacy, security, and software freedom-- as much as Trisquel is, I'd say. Just because the module was written by the NSA doesn't mean it's malicious. The module's been pretty much looked through in through, you've nothing to worry about. Oh, and is that Lelouch I see? Er... Zero?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
But no distribution audits all of the software it bundles (and even if they did, it is likely that several vulnerabilities go undetected); in specific, Ubuntu and Debian don't. For discovering vulnerabilities distributions mostly rely on public discoveries. Debian mentions the name of the discoverer of vulnerabilities in announces in the read only mailing list “debian-security-annou...@lists.debian.org”. In one occasion, Debian introduced a vulnerability, possibly accidentally, it was discovered and fixed. There have been vulnerabilities which have remained undiscovered for years like CVE-2014-6271 (use a search engine for more information).
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
The Debian project as a whole is pretty big on privacy, security, and software freedom-- as much as Trisquel is, I'd say. Just because the module was written by the NSA doesn't mean it's malicious. The module's been pretty much eyed by many people, so you've nothing to worry about. well said girl!
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
For starters, the official SELinux handbook is hosted by and maintained by the NSA. Also, not the above post in response to onpon, regarding the OpenSSH debacle being created by SELinux. Systems that did not have it installed or enabled were fine.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
It is very naive to think that "Malicious features simply do not thrive in libre software." More difficult, perhaps, impossible, not by the least. There are many vulnerabilities in any given software. And yes, Libre, open source software can be created with the explicit intention to create holes (bugs). An example is the prior OpenSSH debacle, this only affected systems that ran SELinux, if you did not have it installed or enabled then your system was fine. Interesting that a system designed to make your OS more secure created a major hole that was wide open! SELinux is what made OpenSSH insecure! Similar concerns have been raised with systemd. http://www.juniper.net/security/auto/vulnerabilities/vuln30276.html
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
"Or do you have a reference (other than discussion on a forum) this time?" not sure you entirely answered the above question do you have a reference for why you think redhat are linked to the us government spy agency's
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
This is/was the Chairman of the Board https://en.wikipedia.org/wiki/Hugh_Shelton Interesting choice for a technology company, no. http://cdn.atechnologyjobisnoexcuse.com/files/2012/02/sandia-20120206.pdf http://gcn.com/Articles/2005/01/21/Red-Hat-pushes-for-Linux-in-federal-market.aspx They are mainly a gov. company now, most of their contracts are US gov. contracts. Even USPS uses SUSE/openSUSE apparently out of privacy concerns for its customers. International Stock exchanges, and many European and Asian companies and Governments use SUSE/openSUSE, because RedHat is seen as being "in bed with" the US Gov.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
look down a little lower Magic...I forgot to reply directly to his post.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
LOL, where do you get your outdated info. The Microsoft settlement is one of the oldest sticks and exaggerations one could throw. It was a lawsuit settlement between Novell and Microsoft over patents. NEWSBREAK Novell no longer owns SUSE and they never owned openSUSE. Micro Focus International is the new owner of SUSE, and the first thing they did was give SUSE autonomy, in other words, SUSE can do their own thing make their own decisions and it is not based on Micro Focus. Also, frees them up from the Novell settlement with Microsoft. Microsoft never owned SUSE anyway that is funny. Good try Magic, would expect better from you though.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Oh, this just keeps getting funnier. The partnership as a part of the settlement over patents and only patents (again why GPL is a great creation, it avoids this nonsense), anyway, also had SUSE create their system so it can operate within companies that are mainly Microsoft oriented (ie: most companies) and the SUSE OS (SLES) would be able to work with the other systems flawlessly. But to say that SUSE or openSUSE is a Microsoft product is just laughable. Their OBS (open build service) is one of the largest repositories for free software in the world (Debian has more), however, Debian does not hold programs or build programs for other distros, openSUSE does. You can build programs for Debian, Fedora, CentOS, Slackware...etc..., I would say that is a pretty darn good commitment to open source. Again, the settlement was not between SUSE and Microsoft it was between Novell and Microsoft. And yes, I do think they (Novell) copped out and caved in to the pressure, which RedHat did not, so cudos to them for that. openSUSE is community driven like Fedora, but even more open and autonomy then Fedora. Agreed, this is not the place to discuss that distro. in any detail, but wanted to clarify your points.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
http://gcn.com/articles/2009/07/13/update2-usps-open-source-product-tracking-system.aspx
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Hey, remember just yesterday when I, not taking you at all seriously, hastily replied to you based on a quick glance at what you said, and turned out to be wrong? This is not debate. You're spewing out so much bullshit so frequently that most sane people are just going to ignore what you say. I'm not going to accuse you of intentionally causing this to make people who don't share your views, but I will say that if you truly want an intelligent debate with anyone who doesn't have MB's patience, you'll have to stop saying things that are so incredibly wrong so much.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Well, all I can say to both of you is, wow! As the old saying goes...you can take a horse to water but you can't make it drink...unless of course its cool-aid, and then its obvious when people drink that. Anyway, it was enjoyable, and perhaps others will read up on it, and learn as well.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
nah..
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
HuangLao, I don't feel I can learn anything all from your numerous "debates". It seems like all of your arguments are always based on speculations and aren't backed by any evidence. When you provide references they typically have little to do with your claims, are just some discussion between some random people or sometimes even oppose your claims. I think all of your disputes mainly contribute to misinformation, as most people can be bother to check for the facts you aren't providing. All this mainly serves as FUD, even if that's not your intention. I would still love to see a statement by the developers of AppArmor, where they say they made AppArmor because there are US government/spy agencies behind the SELinux project. This seems very interesting to me, but unfortunately I doubt there's such statement and it's much more likely it's your own explanation for things, only based on broad speculations. About conspiracies I find it really annoying that "conspiracy" nowadays is primarily associated with this kind of debates, where everything is speculated and no one is bothered to do any real research and provide any concrete evidence to support or refute claims. Debates where everything is just speculations based on references by to other speculations - numerous speculations stacked upon each other. You shouldn't use "conspiracy" or "conspiracy theory" when you just want to say that someone isn't providing any evidence. There are real conspiracies in the world, between companies, governments and others, and it's hardly surprising too if you think about it. But when "conspiracy" is associated primarily with this kind of debates, it starts imply that all conspiracies are made up, so people start to believe that such things just never happen.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Well, there's a difference between a conspiracy and a conspiracy theory. "Conspiracy theory" is pretty much ingrained as a label for this kind of nonsense: https://www.youtube.com/watch?v=EhWpP-vPUcQ I think most people can understand this important distinction and that real conspiracies (like Watergate, or the various digital restriction agreements) exist, so it's not necessary to reject this definition of "conspiracy theory". As for the use of the term "conspiracy" in this flame war, HuangLao was accusing people behind systemd of conspiring with Red Hat to "push" systemd on the community, so I don't think the term "conspiracy" was misplaced here.
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
Hasn't Trisquel/Ubuntu been using AppArmor for a long time by default instead of SELinux?
Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? What's going on here? O.o!
But there's a lot of programs that depend on SELinux. apt-cache rdepends libselinux1