[moved to debian-security, where it belongs] On Sat, 2003-11-29 at 22:47, David Spreen wrote: > Even if you're perfectly right with that, I consider it important to > provide our users the possibility to make their own choice regarding the > acl systems to use. You always have a choice to upload the security system of your choice to Debian, and make sure it works well with Debian, as Russell has done for SELinux. So far no one has done so for grsecurity or RSBAC. > Nevertheless I again would like to suggest a policy that forces the > maintainers of packages to deliver informations about used system > resources > of their programs. the system could use a db of installed-package > resources. Therefore we would need to create a common language that > could be translated to any acl-format. This doesn't make sense. The basis of SELinux is Type Enforcement and RBAC, not ACLs. Trying to create some sort of "generic" security policy that could map to a SELinux policy or grsecurity policy would be very difficult, and I wouldn't trust my system's security to such a thing.
Attachment:
signature.asc
Description: This is a digitally signed message part