[Freedombox-discuss] PHP is not the problem, security is!
simo
idra at samba.org
Tue Jul 17 21:15:43 UTC 2012
On Tue, 2012-07-17 at 16:34 -0400, Boruch Baum wrote:
> On 07/17/2012 02:45 PM, simo wrote:
> > Hi Boruch, I have been working with SELinux for quite a few years
> > now, and I find it complete and tested on the ground
> No arguing with any product whose completeness and state of testing
> has been approved of, and recommended by, the US National Security Agency.
I seem to recognize a hint of sarcasm in this reply, pardon me if I am
reading wrongly, trying to read 'tone' over email is not a good idea
normally.
However I do not care much about the fact the US NSA recommends or
approves or even initially contributed it, my liking comes from the fact
I use it every day as it is the default MAC security mechanism on my
distribution and it works quite well. Also lots of people use it for
real and it works well for them too, it's just that proven in the field,
nothing more nothing less.
> > in a manner that trumps all other players from my POV.
> No point arguing with a POV, but this statement is conjectural, in
> addition to being subjective.
Well my POV can clearly be biased by my personal experience, I find it
hard to fault that, that said the installed user base that actually sues
SELinux is impressive, and is objectively larger than the user base
using Tomoyo, with arguably a lot more development and research gone
into it. Yes conjectures, but I think they have some ground.
> > In what ways is Tomoyo simpler ?
> My recollection is that, for me, the total learning curve to master
> the product was under one half hour. Over the course of a few sessions
> using tomoyo, I did have to refer back to their documentation for the
> syntax of some features, but nothing more than that.
Funny, I think I had a similar experience with SELinux, but I like
complex security related stuff, so again I may just be biased.
> > I admit I do not know much about tomoyo,
> If you're interested, the project homepage is: tomoyo.sourceforge.jp
> Also, there is a nice feature chart here:
> http://tomoyo.sourceforge.jp/comparison.html.en
> The homepage has the full documentation online for all its versions.
> Enjoy!
I wish I had more time to try it out, but the table you link is
interesting, looks like Tomoyo doesn't have a consistent feature-set but
regresses and re-evolves over time ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the Freedombox-discuss
mailing list