On Fri, 3 Feb 2012, Russ Allbery <r...@debian.org> wrote: > For example, Debian could immediately become a much more secure OS by > enabling SELinux in enforcing mode on all Debian systems. The reason why > we don't do this is that currently that tradeoff doesn't make sense; too > much other stuff doesn't work, too much other effort is required, and > we're not in a position to enforce that technology, even if it would > increase security.
SE Linux is supported in critical packages including the kernel, sysvinit, and cron. So any user who wants to use it can just install the SE Linux specific packages and rely on the built-in support for SE Linux in important base packages. This compares to the PHP/Suhosin situation where users who want that have no option other than to download the source and the Suhosin patch and build their own packages. For the analogy you want to make a better option would be GR Security which is not supported in the Debian kernel and won't be supported in the forseeable future. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201202031046.00230.russ...@coker.com.au
