reassign 463835 selinux-policy-refpolicy-strict kthxbye On Wed, Feb 06, 2008 at 12:52:02AM +0100, Erich Schubert wrote: > Hello Mark, > > I would expect to see something more like the Python policy which would
> The python policy is built on quite an amount of experience in how to do > it. We don't have that experience yet. Someone has to start somewhere. Not going to be me, sorry. It's not just the case that there are some details to be worked out here, there is (as far as I have been able to tell) no design at all for this. > > As far as the Leafnode package goes I am only interested in doing things > > that are a part of a coherent Debian system. Contributing to SELinux > > upstream is a separate issue. > Getting upstream help (feedback for the policy you wrote!) is essential. > I don't understand why you are so completely OPPOSED to this. I am not opposed to working with SELinux upstream on a policy - as I have said right from my initial e-mail it looks like the only sensible place to address this at present is in the reference policies, which of course means with SELinux upstream in the end. What I am opposed to is adding elements of SELinux policy to the Leafnode package without any support from the SELinux packages or even a design for how a package supplying policy should interact with the reference policy packages and with user configuration. As I have previously said I feel it would be inappropriate for me to attempt to develop standards for how this should work - whoever works on this should be someone who is familiar not only with SELinux but also with issues like the kinds of problems that are likely to occur as the SELinux policy best practices continue to evolve and interfaces between policy modules change. Reassigning to a randomly chosen SELinux policy package. I may find time to look into working with upstream on that but there is no way I am going to add anything to the Leafnode package itself that involves me designing new SELinux packaging practices. If there were some progress in that direction I would be willing to look into including SELinux policy in the Leafnode package but not as things stand. -- "You grabbed my hand and we fell into it, like a daydream - or a fever." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
