[arch-general] Why isn't SELinux officially supported?

Robert Wong leo_wsy at foxmail.com
Wed Mar 1 16:45:07 UTC 2017


Thanks.
But I'm not meaning disappealing, I just felt uncomfortable when I see the packages from the AUR can't be updated by the pacman and I don' feel like using yaourt... Probably it's my obsessive compulsive disorder overtaking me. I'm looking forward to build a local repos for all my installed AUR packages so that they can upgraded by pacman -Syu.
Though I'm probably still new to Arch, I used Fedora beforehand and I AM CLEARLY know the importance of a well-maintained configuration. And of course I am familiar - not daring to say mastering - with how SELinux works.
If I said something wrong, then I apologize. And as I mentioned, I'm not intended to blame anyone of cause a fight, I'm just trying to discuss it's potiential to move it to the official repos.
Now that I have read the formal posts, and I think I've already have a clear image of 'why'.
Sorry to make you feel uncomfortable by my words. I'm from a non-English country and I'm not good at expressing.

RW

On Mar 2, 2017, at 12:16 AM, Martin Kühne via arch-general <arch-general at archlinux.org> wrote:

> On Wed, Mar 1, 2017 at 4:51 PM, Robert Wong via arch-general
> <arch-general at archlinux.org> wrote:
>> Coming up:
>> ...and detailed set up process on the Wiki, why can't those packages magically be maintained at the official repos? Since the upgrade experience of AUR packages are trully awkward... And I don't consider it safe to replace most of the critical packages with AUR packages...
> 
> Wow. Interesting how the idea of a binary produced on your own machine
> appeals less to you than a binary package delivered  to you from
> somewhere. Of course the arch repos aren't anywhere, but the way you
> put it it would appear you don't feel up to the job of maintaining a
> local build of security infrastructure of the kernel.
> 
> To take away the result of a big part of discussions about security
> infrastructure, apparently, nobody appears to deem the job of
> maintaining and configuring security infrastructure for the official
> repository worth their time, which I think is at least part of the
> reason it's not there. I am probably oversimplifying the matter here,
> this is just to get you thinking.
> 
> If you want to run a secure setup, how about you throw away all
> software you don't trust personally and are capable of reading its
> source code. It's an interesting experiment and likely helps you find
> the priorities to learn what matters about the software you run. Also
> note that security infrastructure does not replace well-tuned
> configuration, since it's apparently easier to misconfigure SELinux
> than it is to use a good key cypher and deactivating password-based
> logins on your SSH servers.
> 
> cheers!
> mar77i
> 


More information about the arch-general mailing list