On 11/28/2013 1:13 PM, Claudio Freire wrote:
> Standard or not, it's the kind of security mechanism that takes so much effort and knowledge to properly set up, that it HAS to be set up by the distribution, and by default, to be of any value.
Then why are firewalls 3rd party applications? They can be just as hard to configure. Besides, I didn't say unconfigured and uninstalled. I made a clear distinction to have it set up, but allow changing the standard to be a choice made by the user. Even if it was as little as a question during setup -- so they made a positive choice to choose the non-standard security policy -- that would be enough. So are you saying, or do you believe, that if you don't force the security policy on users, it won't be of any value?
> No security mechanism can be off by default on a distribution. That's nonsense. That only protects niche users.
It's never been on by default before. Why does it HAVE to be on now without user input? Either you are saying no one wants it because it has only had niche testing and you need the openSUSE community as guinea pigs to get the testing done more than to 'niche' level, or you are saying that the existing security mechanism = no security and that Linux has never had any security until AppArmor arrived. Um... I don't think your statement makes sense.

SELinux is built-in by default. If they want SELinux, has it been tested with AppArmor? There's also the Biba+Bell-LaPadula security models embodied in Smack. It has had the benefit of being a tried and true method for DOD machines since the 80's. (FWIW, MS added something similar to the Biba model to NT in Vista -- their 'Trusted Installer' at the most trusted and Low-trust for internet shielding -- where lower-privileged processes can't write to higher integrity data stores.)

As for it possibly only protecting niche users -- maybe only niche users need that level of protection -- vs. the accompanying problems of programs not working. Generally, you don't let other people log onto your computer. If they have gotten that far, that's bad. AppArmor is more for internal threats initiated from the computer on parts of itself. That type of security policy might be more useful in protecting computers FROM the USERS...

Turning it on by default certainly indicates an unwillingness to even give users a choice of what security mechanisms they want on their computer.