From: guido@trentalancia.com (Guido Trentalancia) Date: Fri, 18 Mar 2011 20:13:13 +0100 Subject: [refpolicy] dual mailing list (was Question: and the policy grows...) In-Reply-To: <4D83A727.4050903@redhat.com> References: <1300369855.30425.14.camel@tesla.lan> <4D8219D9.7080504@redhat.com> <1300377867.30425.40.camel@tesla.lan> <4D823A60.9020107@redhat.com> <1300390804.31755.6.camel@tesla.lan> <4D8361F7.8060007@tresys.com> <1300468448.14419.9.camel@tesla.lan> <4D83A727.4050903@redhat.com> Message-ID: <1300475593.14419.29.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, 18/03/2011 at 14.40 -0400, Daniel J Walsh wrote: > On 03/18/2011 01:14 PM, Guido Trentalancia wrote: > > Hello again Christopher ! > > > > On Fri, 18/03/2011 at 09.45 -0400, Christopher J. PeBenito wrote: > >> On 03/17/11 15:40, Guido Trentalancia wrote: > >>> On Thu, 17/03/2011 at 12.44 -0400, Daniel J Walsh wrote: > >>>> On 03/17/2011 12:04 PM, Guido Trentalancia wrote: > >>>>> On Thu, 17/03/2011 at 10.25 -0400, Daniel J Walsh wrote: > >> > >>>> I think getting people to go in and examine the policy and ask > >>>> questions, why do we have these rules would be helpful. Maybe we setup > >>>> test days, or something to remove bogus policy. > >>> > >>> There is at least the limit of not having many people on this list > >>> compared to most other Linux projects. Perhaps security is considered > >>> something boring to the average user/developer. Or even more likely > >>> SELinux is still perceived as "difficult to get into" (a documentation > >>> issue). > >> > >> I think theres two things. > >> > >> 1. People don't actually care about security, especially if it > >> complicates/hinders what they're trying to do. Most people seek > >> security measures as a reaction to a security breach. > >> 2. Of the people that have some interest, SELinux is typically seen as > >> too difficult. We've been working on improving this for years. > > > > I have an idea. > > > > Things will probably improve considerably if you manage to set up two > > separate mailing lists: one for the end-users and one for the > > developers. This mailing list will coincide with the latter. > > > > This is common practice in open source software. The cost is minimal > > (reconfiguration of an existing mailing list server and update of a few > > existing web pages and documents). > > > > Most of the time users are facing common issues and could help each > > other. Archived message would make a knowledge base. Developers could > > voluntarily spare some time on the end-user mailing list and at the same > > time could benefit from important feedback that is not an explicit bug > > report. > > > > Of course the same could be done for SELinux with similar benefits and > > cost. > > > > Regards, > > > > Guido > > > There is a fairly active list for SELinux users although distribution > specific > > selinux at lists.fedoraproject.org > > I also monitor most other Fedora users lists for mention of SELinux. For SELinux it would probably be equivalent because of the little differences in the standard tools. But when it comes to the policy perhaps there are major differences as all the patches that I have seen on different distributions are usually quite heavy and specific... I don't know, it was just an idea.