Lee Brotzman wrote:
Crispin Cowan wrote:
I argue that openSUSE machines with AppArmor enabled are considerably more secure than Fedora machines with SELinux disabled.
You're not arguing it, you are stating it. And it's a specious statement in any case. There is no need to disable SELinux. Actually, the above statement is trivially true. The controversial implication is that most RH/Fedora users need to turn SELinux off.
You've given me yet another reason to dump openSUSE. Arrogance bred from self-assurance is no way to be secure. I'm sorry to see you go, but I object to the arrogance and self-serving charges. It seems to me that it is the SELinux community that overtly asserts that end users should not be writing security policy, and thus
That is a hard thing to prove, but it seems to bear out when ever I talk to users. Your opinions may vary :) One more statistical anecdote was at a technical lecture at MIT, where one assumes the audience is mostly pretty high tech. One of Novell's engineers asked for a show of hands, and of 15 RH/Fedora users, 2 still had SELinux enabled. they have made no attempt to make policy authoring accessible to end users. Instead, the enhanced GUI tools are ways to enable and disable existing SELinux policy. "You're too dumb for this, let the professionals handle it." seems much more arrogant than anything I have ever said. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com Security: It's not linear --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org