[arch-general] Why isn't SELinux officially supported?

Martin Kühne mysatyre at gmail.com
Wed Mar 1 16:16:03 UTC 2017


On Wed, Mar 1, 2017 at 4:51 PM, Robert Wong via arch-general
<arch-general at archlinux.org> wrote:
> Coming up:
> ...and detailed set up process on the Wiki, why can't those packages magically be maintained at the official repos? Since the upgrade experience of AUR packages is truly awkward... And I don't consider it safe to replace most of the critical packages with AUR packages...

Wow. Interesting how the idea of a binary produced on your own machine
appeals less to you than a binary package delivered to you from
somewhere. Of course the arch repos aren't anywhere, but the way you
put it, it would appear you don't feel up to the job of maintaining a
local build of security infrastructure of the kernel.

To take away the result of a big part of discussions about security
infrastructure, apparently, nobody appears to deem the job of
maintaining and configuring security infrastructure for the official
repository worth their time, which I think is at least part of the
reason it's not there. I am probably oversimplifying the matter here,
this is just to get you thinking.

If you want to run a secure setup, how about you throw away all
software you don't trust personally and are capable of reading its
source code. It's an interesting experiment and likely helps you find
the priorities to learn what matters about the software you run. Also
note that security infrastructure does not replace well-tuned
configuration, since it's apparently easier to misconfigure SELinux
than it is to use a good key cypher and deactivate password-based
logins on your SSH servers.

cheers!
mar77i

