diff options
| author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
|---|---|---|
| committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
| commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
| tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/2011-November/009596.html | |
| parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
| download | archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip | |
Diffstat (limited to 'zarb-ml/mageia-dev/2011-November/009596.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-November/009596.html | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-November/009596.html b/zarb-ml/mageia-dev/2011-November/009596.html new file mode 100644 index 000000000..95eeb08e6 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-November/009596.html @@ -0,0 +1,158 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] (second attempt) suggesting sectool be dropped + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%28second%20attempt%29%20suggesting%20sectool%20be%20dropped&In-Reply-To=%3C4EC559A1.5050901%40arcor.de%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="009613.html"> + <LINK REL="Next" HREF="009543.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] (second attempt) suggesting sectool be dropped</H1> + <B>Florian Hubold</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%28second%20attempt%29%20suggesting%20sectool%20be%20dropped&In-Reply-To=%3C4EC559A1.5050901%40arcor.de%3E" + TITLE="[Mageia-dev] (second attempt) suggesting sectool be dropped">doktor5000 at arcor.de + </A><BR> + <I>Thu Nov 17 19:59:45 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="009613.html">[Mageia-dev] (second attempt) suggesting sectool be dropped +</A></li> + <LI>Next message: <A HREF="009543.html">[Mageia-dev] [changelog] [RPM] cauldron core/release php-pear-PHPUnit-3.6.3-2.mga2 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#9596">[ date ]</a> + <a href="thread.html#9596">[ thread ]</a> + <a href="subject.html#9596">[ subject ]</a> + <a href="author.html#9596">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Am 17.11.2011 11:26, schrieb Michael scherer: +><i> On Tue, Nov 15, 2011 at 11:39:29AM +0100, Florian Hubold wrote: +</I>>><i> Am 15.11.2011 07:29, schrieb Michael Scherer: +</I>>>><i> Le lundi 14 novembre 2011 à 22:09 -0800, Robert M. Riches Jr. a écrit : +</I>>>>><i> (New list subscriber...needed to fix registered email address to post...) +</I>>>>><i> +</I>>>>><i> I was asked to submit this suggestion to the mailing list: +</I>>>>><i> +</I>>>>><i> As a Mageia user, I believe msec was much better off with_OUT_ +</I>>>>><i> sectool. In its present state, sectool is BADLY broken. It +</I>>>>><i> whines for pages about file permissions that are exactly as they +</I>>>>><i> should be. +</I>>>><i> Can you be more specific ? +</I>>><i> It think he means this: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2808">https://bugs.mageia.org/show_bug.cgi?id=2808</A> +</I>>><i> or <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c21">https://bugs.mageia.org/show_bug.cgi?id=2255#c21</A> or +</I>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c22">https://bugs.mageia.org/show_bug.cgi?id=2255#c22</A> +</I>>><i> +</I>>><i> I've also become supportive of this, sectool is basically duplicating +</I>>><i> partly msec functionality, there was no adaption for Mageia, currently it's +</I>>><i> checking on Mageia with the upstream Fedora configuration. +</I>>><i> +</I>>><i> Honestly this should have been done when importing it, as +</I>>><i> tmb already mentioned. msec should be patched to not require it. +</I>>><i> +</I>>><i> When we can't even get our default security tool to work properly, +</I>>><i> what's the point in adding a second one which needs even more +</I>>><i> maintenance? +</I>><i> As you say, the question is again "why was it uploaded in the first place". +</I>><i> It seems some packages were uploaded, and there seemed to have not enough +</I>><i> tests. While that's hard or impossible to avoid totally, that's not really +</I>><i> the way to achieve a good distribution :/ +</I>In most cases QA can test, but normally with some packages they can't tell: +Is this the expected result or is this totally off and has to be corrected? +Like with msec or sectool output, where we'd need security experts +which know the distro from head to toe and can make educated decisions +which output or warning is wanted and which bogus. + +So in this case it's not QA to blame. +><i> I neither use msec or sectool, so I personnaly do not care that much. +</I>><i> Afaik, sectool was created by a ex mandriva/mandrake guy ( vincent danen ), +</I>><i> because he was ( rightfully ) wanting to rewrite msec, who is/was +</I>><i> a mess of bash + python + perl code ( and rather ugly code, afaik, last time +</I>><i> I took a look ), but if msec is supported, and sectool is not, then I guess +</I>><i> we could drop. However, I still think we should first attempt to collaborate +</I>><i> and fix it. ( ie, always have the reflex of "try to fix and collaborate" ). +</I>><i> +</I>Normally i'd have the same stance on this. But given the facts that we +currently have +reports and users complaining about msec and superfluous warnings on the default +security level, which needs some serious love, and the fact that sectool runs with +upstream (fedora) configuration, and needs the whole configuration adapted +to Mageia. And that this adds on duplication because the two configurations +for msec and secgui need to be kept in sync, i'm in favor of dropping it for mga2. + +Any objections or better proposals? + + +BTW: Vincent Danen wrote sectool for Fedora, and he's currently working in the +Red Hat Security Response Team. +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="009613.html">[Mageia-dev] (second attempt) suggesting sectool be dropped +</A></li> + <LI>Next message: <A HREF="009543.html">[Mageia-dev] [changelog] [RPM] cauldron core/release php-pear-PHPUnit-3.6.3-2.mga2 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#9596">[ date ]</a> + <a href="thread.html#9596">[ thread ]</a> + <a href="subject.html#9596">[ subject ]</a> + <a href="author.html#9596">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |