Re: Reasons for Inclusion

From: jmjonesat_private
Date: Fri Mar 22 2002 - 14:38:14 PST


    On Fri, 22 Mar 2002, Russell Coker wrote:
    
    > On Fri, 22 Mar 2002 22:50, jmjonesat_private wrote:
    > > > In many cases, they may hear of "trusted computing" or perhaps even
    > > > "orange book B1" (or the new buzzphrase "trustworthy computing"). But
    > > > without an example of one it is impossible to determine if such a beast
    > > > would be useful. Much less learn how to use it.
    > >
    > > Not sure how LSM helps this.
    > 
    > LSM allows the implementation of most of the features that the obsolete B1 
    > standard required.  Note that B1/C2 security standards were not for OSs or 
    > security systems, they were for specific configurations.  Linux would not 
    > meet C2 any more than NT would, an OS can not meet it, it's a particular 
    > configuration of an OS.  A good configuration of SE Linux would be likely to 
    > meet C2.
    
    Good.  That's a pro-argument point.  
    
    > 
    > > > It also will expand the confidence of some administrators just knowing
    > > > that if it DID become necessary/mandatory, it is possible to increase the
    > > > security level of the system.
    > >
    > > It's possible now.  I've done it, most of my "compatriots" have done it,
    > > but not nearly as well as LSM has done.  My solutions have never been LSM
    > > compatible.  We want CHOICES, and we want them to be enumerated and
    > > argued.
    > 
    > Organize a security BOF at the next Linux conference you attend and you can 
    > have an argument about these things.
    > 
    
    Maybe.  So, you're saying that this list is not tolerant of opinions
    contradicting your own and those people should just "talk among
    themselves?" and never ask questions here?
    
    > > > In some environments it is already mandated to have more security than
    > > > that defined as "C2", but it isn't being done just because "it isn't
    > > > standard" or "it's too expensive" (the usual answer I get :).
    > >
    > > Can LSM support C2 fully, verifiably, and certifiably?  That's an
    > > advantage, if it can.  Has anybody proved this (at least in a paper?)
    > 
    > C2 is not relevant, it's been made obsolete.  I believe that the new 
    > standards are called "common criteria", but I'm not certain.  Whether some 
    > specific configuration of Linux can pass some contrived tests means nothing 
    > to me.
    > 
    
    Good.  It means nothing to you.  You're saying that your opinion is the
    "end-all-and-be-all" here?  Kewl, I'll pass my thoughts to you directly.
    
    > 
    > Now there's some things you need to know.
    > 
    > Firstly starting a debate about whether software is needed is not the thing 
    > to do on a development list.  A development list is for people who want to 
    > discuss development.
    
    No.  That's not what I'm doing.  I'm starting a debate about "what benefit
    does LSM clearly provide that can be used to win-the-day with the LDs and
    Linus and the users to justify the INCLUSION of LSM in the kernel-proper."
    If nobody here is willing to argue the benefit, I think it's a wonderful
    co-operative patch that will never go ANYWHERE... since "I'm right because
    I say so" is never a really good sales strategy.
    
    Develop something that's not generally useful, you have a nice brick to
    put on your mantel... developers need to consider how their output will be
    received.
    
    > 
    > The next thing is that sigs should be no more than 4 lines.  If you have a 
    > longer sig you are demonstrating ignorance or contempt for the conventions of 
    > polite discussion on the net.
    
    My sig is 6 lines long... one identifies me, 4 identify what I do, and one
    shows where you can find me on the web.  The rest is merely formatting.
    I'm not ONLY advertising, I'm declaring myself.
    
    
    > 
    > Finally if you know what you are doing you don't quote people's sigs back to 
    > them when replying to the list.
    > 
    
    Um, if people want to put a sig on their name, or a Dr. or an MLS, I quote
    it back... why would anybody use a sig that they were not proud of?  I do
    it entirely as a sign of respect.  Your "sig" is short for "signature", is
    it NOT?  Doesn't it identify you, personally?   Don't be so "judgemental"
    about how people identify themselves... but if 4 lines is your "thing",
    see my sig below.  :)
    
    I know, from YOUR sig, that you don't respect copyright/intellectual
    property notices in email you receive.
    
    Sincerely,
    J. Melvin Jones
    
    ++++++++
    J. Melvin Jones (jmjonesat_private | http://www.jmjones.com/ )
    Microcomputer Systems Consultant, Software Developer; Web Site Design,
    Hosting, and Administration; Network and Systems Administration.
    
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


