From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 18 Mar 2011 09:45:27 -0400
Subject: [refpolicy] Question: and the policy grows...
In-Reply-To: <1300390804.31755.6.camel@tesla.lan>
References: <1300369855.30425.14.camel@tesla.lan>	<4D8219D9.7080504@redhat.com>
	<1300377867.30425.40.camel@tesla.lan>	<4D823A60.9020107@redhat.com>
	<1300390804.31755.6.camel@tesla.lan>
Message-ID: <4D8361F7.8060007@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/17/11 15:40, Guido Trentalancia wrote:
> On Thu, 17/03/2011 at 12.44 -0400, Daniel J Walsh wrote:
>> On 03/17/2011 12:04 PM, Guido Trentalancia wrote:
>>> On Thu, 17/03/2011 at 10.25 -0400, Daniel J Walsh wrote:

>> I think getting people to go in and examine the policy and ask
>> questions, why do we have these rules would be helpful.  Maybe we setup
>> test days, or something to remove bogus policy.
> 
> There is at least the limit of not having many people on this list
> compared to most other Linux projects. Perhaps security is considered
> something boring to the average user/developer. Or even more likely
> SELinux is still perceived as "difficult to get into" (a documentation
> issue).

I think theres two things.

1. People don't actually care about security, especially if it
complicates/hinders what they're trying to do.  Most people seek
security measures as a reaction to a security breach.
2. Of the people that have some interest, SELinux is typically seen as
too difficult.  We've been working on improving this for years.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com