On Fri, 22 Mar 2002 23:38, jmjonesat_private wrote: > > > It's possible now. I've done it, most of my "compatriots" have done > > > it, but not nearly as well as LSM has done. My solutions have never > > > been LSM compatible. We want CHOICES, and we want them to be > > > enumerated and argued. > > > > Organize a security BOF at the next Linux conference you attend and you > > can have an argument about these things. > > Maybe. So, you're saying that this list is not tolerant of opinions > contradicting your own and those people should just "talk among > themselves?" and never ask questions here? No, I'm saying that you should know the basics if you want to join a discussion. Also you should stick to the topic. The topic of this list is not to debate how to promote kernel patches, and it's not to teach newbies the basics about security. It's to discuss ongoing LSM development work. > > C2 is not relevant, it's been made obsolete. I believe that the new > > standards are called "common criteria", but I'm not certain. Whether > > some specific configuration of Linux can pass some contrived tests means > > nothing to me. > > Good. It means nothing to you. You're saying that your opinion is the > "end-all-and-be-all" here? Kewl, I'll pass my thoughts to you directly. Do some research about C2, then do some research into what's needed to implement secure systems in the real world. Talk to someone who has worked as a network administrator at a large ISP or another site involving security and real-world requirements. Then you will know how little relevance C2 had unless you were trying to sell software to the US military. Then do some research into the amount of time that it used to require (mandated not through beuracracy) to get a C2 and compare it to the way that Linux software is developed. It's really not a good match. > > Now there's some things you need to know. > > > > Firstly starting a debate about whether software is needed is not the > > thing to do on a development list. A development list is for people who > > want to discuss development. > > No. That's not what I'm doing. I'm starting a debate about "what benefit > does LSM clearly provide that can be used to win-the-day with the LDs and > Linus and the users to justify the INCLUSION of LSM in the kernel-proper." > If nobody here is willing to argue the benefit, I think it's a wonderful > co-operative patch that will never go ANYWHERE... since "I'm right because > I say so" is never a really good sales strategy. It's not about sales in that fashion. But if you think it is then please feel free to take the issue up on slashdot. I'll give it the same amount of attention and consideration that I give all other slashdot arguements. > Develope something that's not generally useful, you have a nice brick to > put on your mantel... developers need to consider how their output will be > received. It is generally useful. My work on producing SE Linux policy files and Debian packages of SE Linux has already proceeded far enough to demonstrate it's use (even though I'm not nearly finished). Talk is cheap, code counts. I think I'm doing my share of coding here, are you doing your's? If all you have is opinions with no code or practical experience to back it up then slashdot is the forum for you. > > The next thing is that sigs should be no more than 4 lines. If you have > > a longer sig you are demonstrating ignorance or contempt for the > > conventions of polite discussion on the net. > > My sig is 6 lines long... one identifies me, 4 identify what I do, and one > shows where you can find me on the web. The rest is merely formatting. > I'm not ONLY advertising, I'm declaring myself. Everyone else can declare themselves in 4 lines or less. > > Finally if you know what you are doing you don't quote people's sigs back > > to them when replying to the list. > > Um, if people want to put a sig on their name, or a Dr. or an MLS, I quote > it back... why would anybody use a sig that they were not proud of? I do > it entirely as a sign of respect. Your "sig" is short for "signature", is It's not a sign of respect, it's a sign that you're a newbie and don't know the way things work. Think about it for 10 seconds. If everyone quotes sigs and quotes the quotes of sigs, after a few messages back and forth you'll have pages of sigs (remember that Claire Swire email). It doesn't scale, it doesn't make sense, it wastes bandwidth, and it demonstrates a lack of intelligence by people who do it. > it NOT? Doesn't it identify you, personally? Don't be so "judgemental" > about how people identify themselves... but if 4 lines is your "thing", > see my sig below. :) I didn't invent the idea of a 4 line sig. It's been around for over 10 years. > I know, from YOUR sig, that you don't respect copyright/intellectual > property notices in email you receive. It is my right under Australian law to reject a contract that is offered to me. I can amend a contract and return it to the author and my amendements will be in effect unless the author disputes them. Or I can reject contracts entirely. The fact that I reject shrink-wrap type contract agreements applied to email merely means that you have to refrain from sending email to me if you want to apply such contractual terms. Not that it really matters, contract conditions in email .sigs are probably void anyway, there is precedent in paper letters to indicate as such but no precedent directly dealing with email. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 15:08:15 PST