Mailinglist Archive: opensuse-factory (1029 mails)

< Previous Next >
Re: [opensuse-factory] Re: [opensuse] Re: What happened to dovecot?
On 11/28/2013 1:13 PM, Claudio Freire wrote:
Standard or not, it's the kind of security mechanism that takes so
much effort and knowledge to properly set up, that it HAS to be set up
by the distribution, and by default, to be of any value.
Then why are firewalls 3rd party applications? They can be just
as hard to configure.

Besides, I didn't say unconfigured and uninstalled. I made a clear
distinction to have it setup, but allow changing the standard to be a choice
made by the user. Even if it was as little as a question during setup --
so they made a positive choice to choose the non-standard security policy --
would be enough.

So are you saying, or do you believe that if you don't force the
policy on users, it won't be of any value?

No security mechanism can be off by default on a distribution. That's
nonsense. That only protects niche users.

It's never been on by default before. Why does it HAVE to be on now
without user input? Either you are saying no one wants it because it has only
had niche testing and you need the opensuse community as guinea pigs to get the
testing done more than to 'niche' level, or you are saying That the existing
security mechanism = no security and that linux has never had any security until
apparmor arrived. Um...I don't think your statement makes sense.

SELinux is built-in by default. If they want SELinux, has it been
with AppArmor? There's also the Biba+Bell La-Padula security models embodied in
Smack. It has had the benefit of being a tried and true method for DOD machines
since the 80's. (FWIW, MS added something similar to the Biba model to NT in
Vista -- their 'Trusted Installer' at the most trusted and Low-trust for
shielding -- where lower privileged process can't write to higher integrity data stores.

As for it possibly only protecting niche users -- maybe only niche
users need
that level of protection -- vs. the accompanying problems of programs not

Generally, you don't let other people log onto your computer. If they have gotten that far, that's bad. AppArmor, is more for internal threats initiated from the computer
on parts of itself. That type of security policy might be more useful in protecting
computers FROM the USERS... Turning it on by default, certainly indicates an unwillingness
to even give users a choice of what security mechanisms they want on their

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >